cbcvebase.

Litespeed Technologies Litespeed Cache vulnerabilities

11 known vulnerabilities affecting litespeed_technologies/litespeed_cache.

Total CVEs
11
CISA KEV
0
Public exploits
4
Exploited in wild
4
Severity breakdown
CRITICAL3HIGH2MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2024-44000P1CRITICALCVSS 9.8ExploitedPoC≤ 6.5.0.12024-10-20
CVE-2024-44000 [CRITICAL] CWE-522 CVE-2024-44000: Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespe Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
nvd
CVE-2024-28000P1CRITICALCVSS 9.8ExploitedPoC≤ 6.3.0.12024-08-21
CVE-2024-28000 [CRITICAL] CWE-266 CVE-2024-28000: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cac Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
nvd
CVE-2023-40000P1MEDIUMCVSS 6.1ExploitedPoC≥ n/a, ≤ 5.72024-04-16
CVE-2023-40000 [MEDIUM] CWE-79 CVE-2023-40000: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.
nvd
CVE-2024-47374P1MEDIUMCVSS 6.1ExploitedPoCRansomware≤ 6.5.0.22024-10-05
CVE-2024-47374 [MEDIUM] CWE-79 CVE-2024-47374: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.
nvd
CVE-2024-50550P3CRITICALCVSS 9.8≤ 6.5.12024-10-29
CVE-2024-50550 [CRITICAL] CWE-266 CVE-2024-50550: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cac Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.
nvd
CVE-2024-47637P3HIGHCVSS 8.8≤ 6.4.12024-10-16
CVE-2024-47637 [HIGH] CWE-23 CVE-2024-47637: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allo Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1.
nvd
CVE-2022-46800P4HIGHCVSS 8.8≥ n/a, ≤ 5.32023-05-25
CVE-2022-46800 [HIGH] CWE-352 CVE-2022-46800: Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
nvd
CVE-2025-47437P4MEDIUMCVSS 6.4≤ 7.0.12025-09-09
CVE-2025-47437 [MEDIUM] CWE-918 CVE-2025-47437: Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 7.0.1.
nvd
CVE-2024-51915P4MEDIUMCVSS 6.5≤ 6.5.22026-02-20
CVE-2024-51915 [MEDIUM] CWE-79 CVE-2024-51915: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2.
nvd
CVE-2023-45000P4MEDIUMCVSS 5.3≥ n/a, ≤ 5.72024-04-16
CVE-2023-45000 [MEDIUM] CWE-862 CVE-2023-45000: Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects Lit Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
nvd
CVE-2024-47373P4MEDIUMCVSS 5.4≤ 6.5.0.22024-10-05
CVE-2024-47373 [MEDIUM] CWE-79 CVE-2024-47373: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.
nvd
Litespeed Technologies Litespeed Cache vulnerabilities | cvebase