A critical security vulnerability (CVE-2024-47374) has been discovered in the LiteSpeed Cache plugin for WordPress. This vulnerability affects all versions of the plugin up to and including 6.5.0.2. The flaw was responsibly disclosed by researcher TaiYou from the Patchstack Alliance and was patched in version 6.5.1, released on September 25, 2024.
| Product | litespeed-cache |
| Date | 2024-10-09 10:55:09 |
| Information |
|
Technical Summary
CVE-2024-47374 is a stored XSS vulnerability with a CVSS score of 7.2. This flaw could allow unauthenticated users to execute arbitrary JavaScript code under certain conditions. The vulnerability poses a significant risk as it could lead to the theft of sensitive information or privilege escalation on affected WordPress sites.
Recommendations
- Immediately update the LiteSpeed Cache plugin to version 6.5.1 or later.
- Implement strict input validation and output encoding practices in WordPress themes and plugins.
- Use a Web Application Firewall (WAF) to add an extra layer of protection against XSS attacks.
[Callforaction-THREAT-Footer]
