CVE-2024-9169
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-9169 is a Stored Cross-Site Scripting vulnerability in the LiteSpeed Cache plugin for WordPress, caused by insufficient input sanitization and affecting all versions up to and including 6.4.1. It primarily affects multi-site installations and installations where unfiltered_html is disabled, where it permits authenticated attackers with administrator-level permissions to inject malicious scripts into web pages. The injected scripts execute when users access a compromised page, impacting user integrity and confidentiality, with a medium severity rating (Base Score: 5.5). To remediate this issue, organizations should update the LiteSpeed Cache plugin to the latest version, in which this vulnerability has been addressed. Reviewing user permissions and sanitizing inputs can further mitigate the risks associated with this vulnerability.
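A triage check for the conditions described above, added here as an example and not taken from the plugin or the advisory: it reads the Version field from the plugin's header comment, compares it numerically with 6.4.1, and looks in wp-config.php for the two settings under which the summary says the issue applies. Mapping those conditions to the WordPress constants MULTISITE and DISALLOW_UNFILTERED_HTML is an assumption of this example, and the sample inputs are constructed.

```python
import re

LAST_AFFECTED = (6, 4, 1)  # advisory: all versions up to and including 6.4.1

def parse_version(plugin_header):
    """Return the plugin header's 'Version:' field as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  plugin_header, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """Numeric comparison with zero padding, so 6.10 > 6.4.1 and 6.4 < 6.4.1."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def constant_is_true(wp_config, name):
    """True if a line starts with define(NAME, true). '//' comments are skipped;
    /* block comments */ are not parsed."""
    pattern = r"""^\s*define\(\s*['"]%s['"]\s*,\s*true\s*\)""" % re.escape(name)
    return re.search(pattern, wp_config, re.M | re.I) is not None

def assess(plugin_header, wp_config):
    """Combine the version check with the two exposure conditions."""
    version = parse_version(plugin_header)
    if version is None:
        return {"version": None, "affected_version": None, "exposed": None}
    affected = is_affected(version)
    # Assumed mapping: multi-site -> MULTISITE, unfiltered_html disabled ->
    # DISALLOW_UNFILTERED_HTML (both are WordPress wp-config.php constants).
    condition = (constant_is_true(wp_config, "MULTISITE")
                 or constant_is_true(wp_config, "DISALLOW_UNFILTERED_HTML"))
    return {"version": ".".join(map(str, version)),
            "affected_version": affected,
            "exposed": affected and condition}

# Constructed sample inputs (not from a real site).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name:       LiteSpeed Cache
 * Version:           6.4.1
 */
"""
SAMPLE_CONFIG = """<?php
// define('DISALLOW_UNFILTERED_HTML', true);
define( 'MULTISITE', true );
"""

if __name__ == "__main__":
    print(assess(SAMPLE_HEADER, SAMPLE_CONFIG))
```

On a real site the two arguments are the contents of the plugin's main PHP file and of wp-config.php.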