Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache by LiteSpeed Technologies
CVE-2024-51915

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Litespeed Cache
Vendor: CVE Published:; 20 February 2026

What is CVE-2024-51915?

A recently discovered vulnerability in the LiteSpeed Cache plugin from LiteSpeed Technologies allows for Stored Cross-Site Scripting (XSS). This security flaw permits attackers to inject malicious scripts into web pages, potentially affecting users who visit the compromised pages. The issue affects versions of LiteSpeed Cache up to 6.5.2. Users are strongly encouraged to update to the latest version to mitigate this risk and enhance their website's security.

Affected Version(s)

LiteSpeed Cache 0 <= 6.5.2

References

https://patchstack.com/database/Wordpress/Plugin/litespee...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Nov 4, 2024

Credit

TaiYou | Patchstack Bug Bounty Program

CVE-2024-51915 Data

JSON