Reflected Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin for WordPress
CVE-2025-12450

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Litespeed Cache
Vendor: CVE Published:; 29 October 2025

What is CVE-2025-12450?

The LiteSpeed Cache plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input validation and output encoding. Attackers can exploit this vulnerability by crafting malicious URLs that, when clicked by an unsuspecting user, execute arbitrary scripts in the context of their browser session. This type of attack emphasizes the need for robust security measures within WordPress plugins to prevent unauthorized script execution and potential data breaches.

Affected Version(s)

LiteSpeed Cache * <= 7.5.0.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/litespeedtech/lscache_wp/commit/3d473f...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

Nicholas Giemsa

JSON