CVE-2023-4372
- EPSS 1.53%
- Published 11.01.2024 09:15:46
- Last modified 21.11.2024 08:34:57
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...
CVE-2022-46800
- EPSS 0.04%
- Published 25.05.2023 09:15:11
- Last modified 21.11.2024 07:31:04
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
CVE-2021-24963
- EPSS 0.21%
- Published 03.01.2022 13:15:08
- Last modified 21.11.2024 05:54:05
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to Reflected Cross-Site Scripting.
CVE-2021-24964
- EPSS 14.83%
- Published 03.01.2022 13:15:08
- Last modified 22.05.2025 19:15:24
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one o...
CVE-2020-29172
- EPSS 0.33%
- Published 26.12.2020 02:15:12
- Last modified 21.11.2024 05:23:46
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.