CVE-2026-3375
- EPSS 0.36%
- Veröffentlicht 27.05.2026 07:45:55
- Zuletzt bearbeitet 27.05.2026 14:50:47
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept...
CVE-2025-12450
- EPSS 0.38%
- Veröffentlicht 29.10.2025 09:27:57
- Zuletzt bearbeitet 15.04.2026 00:35:42
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att...
CVE-2024-50550
- EPSS 0.91%
- Veröffentlicht 29.10.2024 10:15:04
- Zuletzt bearbeitet 23.04.2026 15:20:10
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.
CVE-2024-44000
- EPSS 83.18%
- Veröffentlicht 20.10.2024 12:15:03
- Zuletzt bearbeitet 23.04.2026 15:18:57
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
CVE-2024-47637
- EPSS 0.63%
- Veröffentlicht 16.10.2024 14:15:06
- Zuletzt bearbeitet 23.04.2026 15:19:23
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1.
CVE-2024-47374
- EPSS 1.41%
- Veröffentlicht 05.10.2024 16:15:03
- Zuletzt bearbeitet 23.04.2026 15:19:16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.
CVE-2024-47373
- EPSS 0.24%
- Veröffentlicht 05.10.2024 16:15:03
- Zuletzt bearbeitet 23.04.2026 15:19:15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.
CVE-2024-9169
- EPSS 0.27%
- Veröffentlicht 25.09.2024 09:15:03
- Zuletzt bearbeitet 26.09.2024 13:32:02
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authent...
CVE-2024-28000
- EPSS 68.27%
- Veröffentlicht 21.08.2024 14:15:08
- Zuletzt bearbeitet 29.04.2026 10:16:32
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVE-2024-3246
- EPSS 0.18%
- Veröffentlicht 24.07.2024 04:15:04
- Zuletzt bearbeitet 21.11.2024 09:29:14
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update t...