LiteSpeed Cache: Malicious Code Can Be Injected into Websites

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

LiteSpeed Cache: Malicious Code Can Be Injected into Websites

CVE-2024-51915

Summary

A security issue in LiteSpeed Cache could allow an attacker to inject malicious code into websites using the plugin, which could then be executed by visitors to those sites. This could potentially lead to unauthorized actions or data theft. To protect your site, update LiteSpeed Cache to a version newer than 6.5.2.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects Lit...

Original description

nvd CVSS3.1 6.5

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/w...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026