WordPress LiteSpeed Cache and Icegram Express plugin security update advisory

May 09 2024

Overview

We have released updates to fix vulnerabilities in the WordPress LiteSpeed Cache and Icegram Express plugins. users of affected versions are advised to update to the latest version.

Affected Products

CVE-2023-40000

WordPress LiteSpeed Cache plugin version: <= 5.7

CVE-2024-2876

WordPress Icegram Express plugin version: <= 5.7.14

Resolved Vulnerabilities

XSS Vulnerability in LiteSpeed Cache in WordPress (CVE-2023-40000) [1]

SQL Injection Vulnerability in Icegram Express in WordPress (CVE-2024-2876) [2]

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2023-40000

WordPress LiteSpeed Cache plugin version: 5.7.0.1

CVE-2024-2876

WordPress Icegram Express plugin version: 5.7.15

Referenced Sites

[1] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/litespeed-cache/litespeed-cache-57-reflected-cross-site-scripting-via-nameservers-and-msg

[2] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5714-unauthenticated-sql-injection

[3] https://wordpress.org/plugins/litespeed-cache/

[4] https://wordpress.org/plugins/email-subscribers/

WordPress LiteSpeed Cache and Icegram Express plugin security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Xml-crypto package security update advisory

React-pdf package security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Xml-crypto package security update advisory

React-pdf package security update advisory