Plugin Vulnerability Hub
Plugin | 18 known issues | Latest disclosed Oct 28, 2025

LiteSpeed Cache Vulnerabilities

Review known vulnerability records for the WordPress plugin LiteSpeed Cache (`litespeed-cache`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12450, CVE-2025-47437 and CVE-2024-51915, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 18
High or Critical: 5
Patch Coverage: 100%
Last Updated: Oct 29, 2025

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for LiteSpeed Cache so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 18 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 4 high severity findings.
Recent CVEs: CVE-2025-12450, CVE-2025-47437 and CVE-2024-51915
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for LiteSpeed Cache

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-12450
CVE-2025-12450: LiteSpeed Cache <= 7.5.0.1 - Reflected Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published: Oct 28, 2025
Patched Release: 7.6
Affected Versions: up to 7.5.0.1
Next Step: Update to 7.6 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-47437
CVE-2025-47437: LiteSpeed Cache <= 7.0.1 - Authenticated (Editor+) Server-Side Request Forgery

The LiteSpeed Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.1. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from...

Published: May 07, 2025
Patched Release: 7.1
Affected Versions: up to 7.0.1
Next Step: Update to 7.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-51915
CVE-2024-51915: LiteSpeed Cache <= 6.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...

Published: Dec 20, 2024
Patched Release: 6.5.3
Affected Versions: up to 6.5.2
Next Step: Update to 6.5.3 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-50550
CVE-2024-50550: LiteSpeed Cache <= 6.5.1 - Unauthenticated Privilege Escalation

The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.1. This is due to the is_role_simulation() function not properly providing protection against unauthorized use of the function. This makes it possible for unau...

Published: Oct 29, 2024
Patched Release: 6.5.2
Affected Versions: up to 6.5.1
Next Step: Update to 6.5.2 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-47373
CVE-2024-47373: LiteSpeed Cache <= 6.5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

Published: Sep 30, 2024
Patched Release: 6.5.1
Affected Versions: up to 6.5.0.2
Next Step: Update to 6.5.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-47637
CVE-2024-47637: LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal

The LiteSpeed Cache plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with author-level access and above, to perform actions on files outside of the originally intended directory.

Published: Sep 30, 2024
Patched Release: 6.5.1
Affected Versions: up to 6.4.1
Next Step: Update to 6.5.1 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-47374
CVE-2024-47374: LiteSpeed Cache <= 6.1 - Unauthenticated Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-LSCACHE-VARY-VALUE' header in all versions up to, and including, 6.5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

Published: Sep 30, 2024
Patched Release: 6.5.1
Affected Versions: up to 6.5.0.2
Next Step: Update to 6.5.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-9169
CVE-2024-9169: LiteSpeed Cache <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with adminis...

Published: Sep 24, 2024
Patched Release: 6.5
Affected Versions: up to 6.4.1
Next Step: Update to 6.5 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-44000
CVE-2024-44000: LiteSpeed Cache <= 6.4.1 - Unauthenticated Sensitive Information Exposure via Log Files

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information...

Published: Sep 05, 2024
Patched Release: 6.5.0.1
Affected Versions: up to 6.4.1
Next Step: Update to 6.5.0.1 or newer if supported.

Plugin | Severity: Critical | Patched: Yes | CVE-2024-28000
CVE-2024-28000: LiteSpeed Cache <= 6.3.0.1 - Unauthenticated Privilege Escalation

The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator,...

Published: Aug 21, 2024
Patched Release: 6.4
Affected Versions: up to 6.3.0.1
Next Step: Update to 6.4 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-3246
CVE-2024-3246: LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject ma...

Published: Jul 23, 2024
Patched Release: 6.3
Affected Versions: up to 6.2.0.1
Next Step: Update to 6.3 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2023-40000
CVE-2023-40000: LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg'

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and '_msg' parameters in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac...

Published: Feb 27, 2024
Patched Release: 5.7.0.1
Affected Versions: up to 5.7
Next Step: Update to 5.7.0.1 or newer if supported.