Vulnerabilities > Litespeedtech

DATE CVE VULNERABILITY TITLE RISK
2024-10-20 CVE-2024-44000 Insufficiently Protected Credentials vulnerability in Litespeedtech Litespeed Cache
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.
network
low complexity
litespeedtech CWE-522
critical
9.8
2024-07-24 CVE-2024-3246 Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1.
network
low complexity
litespeedtech CWE-352
5.4
2024-02-09 CVE-2024-25678 Unspecified vulnerability in Litespeedtech Lsquic
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
network
low complexity
litespeedtech
critical
9.8
2024-01-11 CVE-2023-4372 Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
litespeedtech CWE-79
5.4
2023-08-14 CVE-2023-40518 Unspecified vulnerability in Litespeedtech Openlitespeed
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
network
low complexity
litespeedtech
7.5
2023-05-25 CVE-2022-46800 Unspecified vulnerability in Litespeedtech Litespeed Cache
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
network
low complexity
litespeedtech
8.8
2022-10-27 CVE-2022-0072 Path Traversal vulnerability in Litespeedtech Openlitespeed
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal.
network
low complexity
litespeedtech CWE-22
5.8
2022-10-27 CVE-2022-0073 Improper Input Validation vulnerability in Litespeedtech Openlitespeed
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection.
network
low complexity
litespeedtech CWE-20
8.8
2022-10-27 CVE-2022-0074 Untrusted Search Path vulnerability in Litespeedtech Openlitespeed
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation.
network
low complexity
litespeedtech CWE-426
8.8
2022-05-11 CVE-2022-30592 NULL Pointer Dereference vulnerability in Litespeedtech Lsquic
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
network
low complexity
litespeedtech CWE-476
critical
9.8