Skip to main content

Litespeed Cache

5 CVEs product

Monthly

CVE-2024-9169 MEDIUM This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Litespeed Cache
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3246 MEDIUM PATCH This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Litespeed Cache
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-45000 HIGH This Week

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Litespeed Cache
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-40000 HIGH POC THREAT Act Now

Stored cross-site scripting in LiteSpeed Cache for WordPress (versions up to and including 5.7) allows remote unauthenticated attackers to inject persistent malicious scripts that execute in the context of any user - including administrators - visiting affected pages. Publicly available exploit code exists and EPSS scores this at 82.03% (99th percentile), indicating very high probability of opportunistic exploitation across the millions of WordPress sites running this plugin. No CISA KEV listing at time of analysis, but the combination of high EPSS, public POC, and massive install base makes this a priority for WordPress operators.

XSS Litespeed Cache
NVD GitHub
CVSS 3.1
8.3
EPSS
82.0%
Threat
5.6
CVE-2020-29172 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Litespeed Cache
NVD
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 4.8
MEDIUM This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Litespeed Cache
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Litespeed Cache
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Litespeed Cache
NVD
EPSS 82% 5.6 CVSS 8.3
HIGH POC THREAT Act Now

Stored cross-site scripting in LiteSpeed Cache for WordPress (versions up to and including 5.7) allows remote unauthenticated attackers to inject persistent malicious scripts that execute in the context of any user - including administrators - visiting affected pages. Publicly available exploit code exists and EPSS scores this at 82.03% (99th percentile), indicating very high probability of opportunistic exploitation across the millions of WordPress sites running this plugin. No CISA KEV listing at time of analysis, but the combination of high EPSS, public POC, and massive install base makes this a priority for WordPress operators.

XSS Litespeed Cache
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Litespeed Cache
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy