Vulnerabilities and security researches forlitespeed-cache litespeed-cache

Direction: ascending

Jun 07, 2024

LiteSpeed Cache # CVE-2020-29172

CVE, Research URL: CVE-2020-29172
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Dec 26, 2020
Research Description: A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2021-24963

CVE, Research URL: CVE-2021-24963
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Jan 03, 2022
Research Description: The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2021-24964

CVE, Research URL: CVE-2021-24964
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Jan 03, 2022
Research Description: The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2023-40000

CVE, Research URL: CVE-2023-40000
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Apr 16, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2022-46800

CVE, Research URL: CVE-2022-46800
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: May 25, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2023-4372

CVE, Research URL: CVE-2023-4372
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Jan 11, 2024
Research Description: The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2023-45000

CVE, Research URL: CVE-2023-45000
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Apr 16, 2024
Research Description: Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
Affected versions: Min -, max -.
Status: vulnerable

Jul 24, 2024

LiteSpeed Cache # CVE-2024-3246

CVE, Research URL: CVE-2024-3246
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Jul 24, 2024
Research Description: The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Aug 23, 2024

LiteSpeed Cache # CVE-2024-28000

CVE, Research URL: CVE-2024-28000
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Aug 21, 2024
Research Description: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
Affected versions: Min -, max -.
Status: vulnerable

Sep 06, 2024

LiteSpeed Cache # CVE-2024-44000

CVE, Research URL: CVE-2024-44000
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Oct 20, 2024
Research Description: Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.
Affected versions: Min -, max -.
Status: vulnerable

Sep 26, 2024

LiteSpeed Cache # CVE-2024-9169

CVE, Research URL: CVE-2024-9169
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Sep 25, 2024
Research Description: The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

LiteSpeed Cache # CVE-2024-47373

CVE, Research URL: CVE-2024-47373
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2024-47637

CVE, Research URL: CVE-2024-47637
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Oct 16, 2024
Research Description: : Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1.
Affected versions: Min -, max -.
Status: vulnerable

LiteSpeed Cache # CVE-2024-47374

CVE, Research URL: CVE-2024-47374
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
Affected versions: Min -, max -.
Status: vulnerable

Oct 31, 2024

LiteSpeed Cache # CVE-2024-50550

CVE, Research URL: CVE-2024-50550
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: Oct 29, 2024
Research Description: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1.
Affected versions: Min -, max -.
Status: vulnerable

Dec 24, 2024

LiteSpeed Cache # CVE-2024-51915

CVE, Research URL: CVE-2024-51915
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: -
Research Description: LiteSpeed Cache [litespeed-cache] < 6.5.3 CVE-2024-51915
Affected versions: Min -, max -.
Status: vulnerable

May 14, 2025

LiteSpeed Cache # CVE-2025-47437

CVE, Research URL: CVE-2025-47437
Home page URL: Security reports for LiteSpeed Cache
Application: LiteSpeed Cache
Date: -
Research Description: LiteSpeed Cache [litespeed-cache] < 7.1 CVE-2025-47437
Affected versions: Min -, max -.
Status: vulnerable