#CVE202447374

Single HTTP Request Can Exploit 6M WordPress Sites

October 8, 2024 by Xynik

October 8, 2024 at 08:36AM A popular WordPress plug-in, LiteSpeed Cache, containing a cross-site scripting flaw (CVE-2024-47374), has been exploited by attackers, potentially enabling privilege escalation and malicious code installation on affected websites. A simple patch has been issued by Patchstack, allowing administrators to update to the fixed version 6.5.1 immediately to prevent vulnerabilities. After … Read more

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

October 4, 2024 by Xynik

October 4, 2024 at 06:00AM A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over … Read more