<ul><li>A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions.</li><li>The vulnerability is a stored cross-site scripting (XSS) issue impacting versions up to 6.5.0.2.</li><li>The flaw arises from improper sanitization of the “X-LSCACHE-VARY-VALUE” HTTP header, allowing arbitrary script injection.</li><li>The vulnerability was addressed in version 6.5.1 on September 25, 2024.</li></ul>

WordPress LiteSpeed Cache plugin flaw could allow site takeover

Discover more