Stored XSS Vulnerability in LiteSpeed Cache
CVE-2024-47374
Key Information:
- Vendor: WordPress
- Status
- Vendor
- CVE Published: 5 October 2024
Summary
CVE-2024-47374 is a stored cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin for WordPress that allows an attacker to have arbitrary JavaScript executed. The flaw affects all versions of the plugin up to and including 6.5.0.2 and is fixed in version 6.5.1. The root cause is inadequate sanitization and output escaping of HTTP header values handled by the plugin. Because the injected script is stored, it can compromise user data and website integrity. Timely patching and secure coding practices are crucial to protect against such vulnerabilities and maintain the overall security of the WordPress ecosystem. There is no indication of exploitation by ransomware groups at this time.
Affected Version(s)
LiteSpeed Cache <= 6.5.0.2
News Articles

Popular WordPress Caching Plugin Had a Major XSS Vulnerability
The WordPress Caching Plugin had three major XSS vulnerabilities, which have now been fixed by Patchstack. Here's more about it.
Single HTTP Request Can Exploit 6M WordPress Sites
The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw.

Examining the Vulnerabilities in WordPress Plugins – Be3
A recent discovery has unveiled a significant security vulnerability in the LiteSpeed Cache plugin for WordPress, allowing the execution of arbitrary JavaScript code by potential cyber threats. The...
Timeline
- Vulnerability published
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability Reserved