CVE-2024-47374 in LiteSpeed Cache Plugin
Summary
by MITRE • 10/05/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/05/2026
The CVE-2024-47374 vulnerability represents a critical cross-site scripting flaw within LiteSpeed Technologies LiteSpeed Cache plugin, specifically impacting versions through 6.5.0.2. This vulnerability falls under the CWE-79 category of Cross-Site Scripting and operates as a stored XSS attack vector that can persistently compromise user sessions and data integrity. The flaw manifests when the plugin fails to properly sanitize user input during web page generation processes, creating an avenue for malicious actors to inject persistent script code into the application's response. The vulnerability exists in the plugin's handling of user-provided data within its caching mechanisms, where input validation and output encoding are insufficient to prevent malicious script execution.
The technical exploitation of this vulnerability occurs when an attacker can inject malicious JavaScript code through input fields or parameters that are subsequently stored within the plugin's caching system. When other users access pages that retrieve this cached data, the malicious script executes in their browsers, potentially stealing session cookies, performing unauthorized actions, or redirecting users to malicious sites. The stored nature of this XSS vulnerability means that the malicious payload persists even after the initial injection, making it particularly dangerous as it can affect multiple users over extended periods. The vulnerability impacts the plugin's web page generation capabilities, specifically targeting the sanitization processes that should occur during content caching and delivery operations.
The operational impact of CVE-2024-47374 extends beyond simple script execution, potentially enabling complete session hijacking, data exfiltration, and privilege escalation within the affected WordPress environment. Attackers can leverage this vulnerability to establish persistent backdoors, steal administrator credentials, or manipulate cached content to spread malware across the entire website. The vulnerability directly violates security principles outlined in the OWASP Top Ten and aligns with ATT&CK technique T1566 for Phishing and T1071 for Application Layer Protocol usage. Organizations running affected versions of LiteSpeed Cache face significant risk of unauthorized access, data breaches, and potential compromise of their entire WordPress infrastructure, as the cached content serves as a persistent vector for attack execution.
Mitigation strategies for this vulnerability should prioritize immediate plugin updates to versions that address the XSS flaw, as well as implementing additional security measures such as web application firewalls and input validation layers. Organizations should conduct thorough security assessments of their cached content and implement proper output encoding for all user-provided data within the plugin's caching system. The remediation process should include monitoring for suspicious cached content and establishing automated scanning procedures to detect potential exploitation attempts. Security teams should also review their existing XSS prevention measures and ensure that all input validation occurs at multiple layers of the application stack. This vulnerability serves as a reminder of the critical importance of proper input sanitization in web applications and the potential consequences of inadequate security controls in content management systems.