High-Severity XSS Vulnerability Discovered in LiteSpeed Cache WordPress Plugin

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that allows an attacker to inject arbitrary JavaScript which then runs in the browsers of the site's visitors. The vulnerability, tracked as CVE-2024-47374 and rated with a CVSS score of 7.2, affects all plugin versions up to and including 6.5.0.2.

The flaw was identified and responsibly disclosed by Patchstack Alliance researcher TaiYou and was addressed in version 6.5.1, released on September 25, 2024. According to a Patchstack report, "It could allow any unauthenticated user to steal sensitive information or escalate privileges by making a single HTTP request."

The flaw stems from missing input sanitization and output escaping of the value of the "X-LSCACHE-VARY-VALUE" HTTP request header. Because the unsanitized value is persisted by the plugin and later written into content served to other visitors, an attacker can inject arbitrary web scripts, making this a stored cross-site scripting (XSS) vulnerability.

In a stored (persistent) XSS attack the malicious script is saved on the server side, for example in a database, a cache file or a generated asset, rather than being reflected from a single request. Every user who subsequently loads the affected page receives the script, which executes in their browser with that user's session and privileges, enabling session hijacking, actions performed on the victim's behalf, and further browser-side attacks.

Exploitation has a precondition, however: specific Page Optimization settings, namely "CSS Combine" and "Generate UCSS", must be enabled on the WordPress site running the vulnerable plugin. Sites with these features switched off are not reachable through this path, although they should still update.
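To make the failure mode concrete, the following is an added illustrative example, not the LiteSpeed Cache plugin's code. It models the pattern described above in Python: a component that persists the value of an incoming X-LSCACHE-VARY-VALUE header and later emits it into generated markup, once without any validation or escaping and once hardened with an allowlist on input and HTML escaping on output. The storage model, the markup, the sample requests and the payload are all constructed assumptions; only the header name comes from the advisory.

```python
import html
import re

# Header named in the advisory. Everything else in this file (the storage model,
# the rendered markup, the sample requests and the payload) is a constructed
# illustration, not LiteSpeed Cache's code.
HEADER = "X-LSCACHE-VARY-VALUE"

# Constructed sample requests: a benign one and one carrying a script payload.
BENIGN_REQUEST = {HEADER: "mobile"}
MALICIOUS_REQUEST = {HEADER: '"><script>alert(document.cookie)</script><x a="'}


class VulnerableVaryStore:
    """Persists the raw header value and later writes it into generated markup."""

    def __init__(self):
        self.stored = {}

    def record(self, page, headers):
        value = headers.get(HEADER)
        if value is not None:
            self.stored[page] = value  # stored verbatim: no validation, no escaping

    def render(self, page):
        vary = self.stored.get(page, "")
        # Emitted straight into an attribute: a quote in the value breaks out of it.
        return f'<body data-vary="{vary}">...</body>'


# Allowlist for what a vary value may look like: a short plain token, nothing else.
VARY_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")


class HardenedVaryStore(VulnerableVaryStore):
    """Same model, but validates on input and escapes on output."""

    def record(self, page, headers):
        value = headers.get(HEADER)
        if value is None or not VARY_TOKEN.fullmatch(value):
            return  # reject unexpected input instead of persisting it
        self.stored[page] = value

    def render(self, page):
        # Escape on output as well: defence in depth if validation is ever bypassed.
        vary = html.escape(self.stored.get(page, ""), quote=True)
        return f'<body data-vary="{vary}">...</body>'


def serve(store, page, requests):
    """Feed each request through the store, then return what a later visitor gets."""
    for headers in requests:
        store.record(page, headers)
    return store.render(page)


def contains_script(markup):
    """Crude check used by the demo: did a <script> element survive into the output?"""
    return "<script" in markup.lower()


def demo():
    """Run both stores over the same traffic and return (vulnerable, hardened) output."""
    vulnerable = serve(VulnerableVaryStore(), "/", [BENIGN_REQUEST, MALICIOUS_REQUEST])
    hardened = serve(HardenedVaryStore(), "/", [BENIGN_REQUEST, MALICIOUS_REQUEST])
    return vulnerable, hardened


if __name__ == "__main__":
    v, h = demo()
    print("vulnerable:", v)
    print("hardened:  ", h)
```

The two fixes are deliberately independent: the allowlist stops the payload from ever being stored, and the output escaping would neutralise it even if it were. In a real WordPress plugin the equivalents are the core sanitization helpers on the way in (for example sanitize_key()) and the esc_attr() or esc_html() family on the way out.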

Stored XSS vulnerabilities pose significant risk. If the script executes in a logged-in administrator's browser, the attacker can hijack that session and gain full control of the site, from which more sophisticated attacks, such as installing a backdoor, become possible. With LiteSpeed Cache installed on more than six million active sites, the attack surface is large and the flaw is especially concerning for WordPress site owners.

This vulnerability follows closely on the heels of another high-severity flaw (CVE-2024-44000, CVSS score: 7.5), which could enable unauthenticated users to take control of arbitrary accounts on WordPress sites.

Additionally, the TI WooCommerce Wishlist plugin is currently under scrutiny for an unpatched SQL injection vulnerability (CVE-2024-43917, CVSS score: 9.8), which allows attackers to execute arbitrary SQL queries in the site's database. Another critical flaw was discovered in the Jupiter X Core WordPress plugin (CVE-2024-7772, CVSS score: 9.8), allowing attackers to upload arbitrary files and execute remote code on the server.

Site administrators are urged to update LiteSpeed Cache to version 6.5.1 or later and to ensure all other plugins are also up to date. Where an immediate update is not possible, disabling the "CSS Combine" and "Generate UCSS" settings removes the precondition described above, but this is a stopgap, not a fix.
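As an added example (not code from the page or from the plugin), the following Python script determines whether an installed copy of the plugin falls within the affected range. It reads the "Version:" line from the plugin's main file header, compares it numerically against the fixed version so that four-component versions such as 6.5.0.2 sort correctly, and reports the result. The plugin path under wp-content is an assumption based on the standard WordPress layout, and the embedded plugin header is a constructed sample so the script runs offline.

```python
import re
from pathlib import Path

# Fixed version stated in the advisory.
FIXED_VERSION = "6.5.1"

# Assumed location of the plugin's main file in a standard WordPress layout.
PLUGIN_MAIN_FILE = "wp-content/plugins/litespeed-cache/litespeed-cache.php"

# Constructed sample of a WordPress plugin file header, for running this offline.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.5.0.2
 */
"""


def parse_version(text):
    """'6.5.0.2' -> (6, 5, 0, 2). Stops at the first non-numeric component."""
    parts = []
    for component in text.strip().split("."):
        m = re.match(r"\d+", component)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a, b):
    """Numeric, zero-padded comparison: 6.5.1 equals 6.5.1.0 and 6.5.0.2 < 6.5.1."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def version_from_plugin_header(source):
    """Extract the 'Version:' line of a WordPress plugin file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", source, re.MULTILINE)
    return m.group(1) if m else None


def is_affected(version):
    """True for every version before the fixed one, i.e. 6.5.0.2 and earlier."""
    return version_lt(version, FIXED_VERSION)


def check_install(wp_root):
    """Read the installed plugin version under wp_root and return (version, affected)."""
    path = Path(wp_root) / PLUGIN_MAIN_FILE
    if not path.is_file():
        return None, False  # plugin not installed
    version = version_from_plugin_header(path.read_text(errors="replace"))
    if version is None:
        return None, True  # unreadable header: treat as suspect and investigate
    return version, is_affected(version)


if __name__ == "__main__":
    v = version_from_plugin_header(SAMPLE_PLUGIN_HEADER)
    print(f"sample header version {v}: affected={is_affected(v)}")
    # Against a real install: print(check_install("/var/www/html"))
```

The comparison is done on integer tuples rather than on strings because a naive string compare would rank "6.5.0.2" above "6.5.1", silently marking a vulnerable install as safe.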

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067