CVE-2024-47374

Name of the Vulnerable Software and Affected Versions LiteSpeed Cache versions through 6.5.0.2

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be exploited by attackers to execute arbitrary JavaScript and potentially hijack accounts. The vulnerability affects over six million active installations of the LiteSpeed Cache plugin for WordPress. There have been reports of this issue being actively exploited.

Recommendations For versions through 6.5.0.2, update to version 6.5.1 to resolve the issue. As a temporary workaround, consider disabling the CSS Combine and Generate UCSS optimization settings to minimize the risk of exploitation. Restrict access to the vulnerable plugin until the update is applied.