cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3246,https://securityvulnerability.io/vulnerability/CVE-2024-3246,Cross-Site Request Forgery Vulnerability in LiteSpeed Cache Plugin,"The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Litespeed Cache,5.4,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-24T03:17:17.104Z,0
CVE-2023-4372,https://securityvulnerability.io/vulnerability/CVE-2023-4372,Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin for WordPress,"The LiteSpeed Cache plugin for WordPress contains a vulnerability that allows authenticated attackers with contributor-level permissions or higher to exploit inadequate input sanitization and output escaping in the 'esi' shortcode. This weakness enables them to inject malicious web scripts into pages, which are executed when users access those compromised pages. Versions up to and including 5.6 are affected, underscoring the importance of updating to protect against potential security breaches.",Wordpress,LiteSpeed Cache,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2024-01-11T08:32:29.982Z,0
CVE-2021-24964,https://securityvulnerability.io/vulnerability/CVE-2021-24964,LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS,"The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.",Wordpress,Litespeed Cache,6.1,MEDIUM,0.0014100000262260437,false,,false,false,false,,false,false,2022-01-03T12:49:08.000Z,0
CVE-2021-24963,https://securityvulnerability.io/vulnerability/CVE-2021-24963,LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting,"The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,Litespeed Cache,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-03T12:49:07.000Z,0
CVE-2020-29172,https://securityvulnerability.io/vulnerability/CVE-2020-29172,,A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.,Wordpress,Litespeed Cache,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2020-12-26T01:56:28.000Z,0