Vulnerabilities > Litespeedtech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-20 | CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in Litespeedtech Litespeed Cache Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. | 9.8 |
| 2024-07-24 | CVE-2024-3246 | Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. | 5.4 |
| 2024-02-09 | CVE-2024-25678 | Unspecified vulnerability in Litespeedtech Lsquic In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 9.8 |
| 2024-01-11 | CVE-2023-4372 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-08-14 | CVE-2023-40518 | Unspecified vulnerability in Litespeedtech Openlitespeed LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. | 7.5 |
| 2023-05-25 | CVE-2022-46800 | Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 8.8 |
| 2022-10-27 | CVE-2022-0072 | Path Traversal vulnerability in Litespeedtech Openlitespeed Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. | 5.8 |
| 2022-10-27 | CVE-2022-0073 | Improper Input Validation vulnerability in Litespeedtech Openlitespeed Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. | 8.8 |
| 2022-10-27 | CVE-2022-0074 | Untrusted Search Path vulnerability in Litespeedtech Openlitespeed Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. | 8.8 |
| 2022-05-11 | CVE-2022-30592 | NULL Pointer Dereference vulnerability in Litespeedtech Lsquic liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | 7.5 |