https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/
Patchstack is the official security partner for LiteSpeed Cache. Patchstack is helping with coordinated vulnerability disclosure and patch validation. If...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-2-cross-site-scripting-xss-vulnerability
Patchstack is one of the largest open-source vulnerability disclosers in the world. For example, in 2023 more than 70% of new WordPress vulnerabilities were...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability
This could allow a malicious actor to escalate their low privileged account to something with higher privileges. After this they could take full control of the...
https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/
Note that this vulnerability is reproducible in a default installation and activation of the LiteSpeed Cache plugin without a specific requirement or...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-5-7-unauthenticated-site-wide-stored-xss-vulnerability
This vulnerability is highly dangerous and expected to become exploited. Vulnerabilities like this one are used in mass-exploit campaigns. Attackers use these...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/vdp
This is the official vulnerability disclosure program for LiteSpeed Cache. If you're a security researcher and believe that you have found a security...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/security-policy
This is the official vulnerability disclosure program for LiteSpeed Cache. If you're a security researcher and believe that you have found a security...
https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-7-0-1-server-side-request-forgery-ssrf-vulnerability
This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to...
https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites/
The hash is generated and saved in the Router:get_hash method. This method gets called by some configuration-related methods that get called during crawls, and...
https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/
This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces. The...