A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.
The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2.
It was addressed in version 6.5.1 on September 25, 2024, following responsible disclosure by Patchstack Alliance researcher TaiYou.
“It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request,” Patchstack said in a report.
Streamingkalendern: Här är det som kommer och som lämnar tv-tjänsterna
Här har du streamingkalendern - med information om program som kommer och program som lämnar tjänsterna. Lämnar Kommer