Security Flaws LiteSpeed Cache plugin for WordPress.
Security Flaws LiteSpeed Cache plugin for WordPress. A serious security vulnerability has been identified in the LiteSpeed Cache plugin for WordPress, which may allow malicious users to execute arbitrary JavaScript code under specific conditions. This issue, designated as CVE-2024-47374 and assigned a CVSS score of 7.2, is classified as a stored cross-site scripting (XSS) vulnerability and affects all versions of the plugin up to and including 6.5.0.2. The vulnerability was addressed in version 6.5.1, released on September 25, 2024, after being responsibly disclosed by Patchstack Alliance researcher TaiYou. According to Patchstack's report, "This vulnerability could enable any unauthenticated user to steal sensitive information or potentially escalate privileges on the WordPress site with just a single HTTP request."
