When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The vulnerability, described as site-wide stored XSS flaw, can be exploited by performing a single HTTP request.
It is now tracked as CVE-2023-40000.
This case also combined with improper access control on one of the available REST API endpoints from the plugin.
Since the discovery, LiteSpeed Caches developers released a patch.
The patch became available in October last year.
The latest version, 6.1, was released on February 5, The Hacker News reported.
WordPress is the worlds number onewebsite builder, powering roughly half of the global internet.
