Security News > 2024 > October > WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
2024-10-04 09:11
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
News URL
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Related news
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-05 | CVE-2024-47374 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | 6.1 |