CVE-2024-51915 is a stored Cross-site Scripting (XSS) vulnerability identified in LiteSpeed Technologies LiteSpeed Cache, affecting versions up to and including 6.5.2. The root cause is improper neutralization of input during web page generation, which allows malicious input to be stored and later rendered in a way that executes arbitrary JavaScript in the context of users visiting the affected web pages. This vulnerability requires an attacker to have at least limited privileges (PR:L) and involves user interaction (UI:R), such as a victim visiting a crafted page or content. The vulnerability impacts confidentiality, integrity, and availability, as attackers can steal session tokens, manipulate page content, or perform actions on behalf of users. The CVSS vector indicates network attack vector, low attack complexity, and privileges required, with a scope change (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. No public exploits are currently known, but the presence of stored XSS in a widely used caching plugin for web servers makes it a significant risk for websites using LiteSpeed Cache, especially those running WordPress or similar CMS platforms. The vulnerability was published in early 2026 and is tracked under CVE-2024-51915.

The impact of CVE-2024-51915 is substantial for organizations relying on LiteSpeed Cache for web acceleration and caching, particularly those running dynamic content management systems like WordPress. Successful exploitation can lead to session hijacking, enabling attackers to impersonate legitimate users, including administrators, potentially leading to full site compromise. Attackers may also deface websites, inject malicious scripts to distribute malware, or conduct phishing attacks by manipulating page content. The vulnerability affects confidentiality by exposing sensitive session data, integrity by allowing unauthorized content modification, and availability by potentially disrupting normal site operations. Although exploitation requires some privileges and user interaction, the widespread deployment of LiteSpeed Cache in hosting environments increases the attack surface. Organizations with high-traffic websites or those serving sensitive user data face increased reputational and operational risks if exploited.

To mitigate CVE-2024-51915, organizations should promptly update LiteSpeed Cache to a patched version once released by LiteSpeed Technologies. Until a patch is available, administrators should restrict user privileges to the minimum necessary to reduce the risk of malicious input submission. Implement strict input validation and sanitization on all user-supplied data before it is stored or rendered. Deploy Content Security Policies (CSP) to limit the execution of unauthorized scripts and reduce the impact of potential XSS payloads. Regularly audit and monitor web application logs for suspicious activities indicative of XSS attempts. Employ Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting LiteSpeed Cache. Additionally, educate users and administrators about the risks of clicking on untrusted links or content that could trigger stored XSS attacks. Finally, consider isolating or sandboxing critical administrative interfaces to minimize the scope of compromise.