HIGH
litespeedtech
CVE published 2026-05-27
CVE-2026-3375
CVE-2026-3375 is a stored cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin for WordPress, affecting versions up to and including 7.7. The vulnerability exists in two REST API endpoints—/wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss—which accept CSS content from QUIC.cloud callback notifications and store it to disk without sanitization. The stored content is [truncated]
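A log-triage sketch for the two endpoints named above, added here as an example and not taken from the plugin or the CVE record. It assumes a combined-format access log and uses constructed sample lines. It lists requests that reached either route, whether addressed through /wp-json/ or the rest_route query parameter, so the sources can be reviewed against expected QUIC.cloud callbacks.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# The two REST routes named in the CVE description.
ROUTES = {"/litespeed/v1/notify_ccss", "/litespeed/v1/notify_ucss"}
# Assumed log layout: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/May/2026:10:01:02 +0000] "POST /wp-json/litespeed/v1/notify_ccss HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.9 - - [27/May/2026:10:02:11 +0000] "POST /?rest_route=%2Flitespeed%2Fv1%2Fnotify_ucss HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.9 - - [27/May/2026:10:02:15 +0000] "POST /blog/wp-json/LiteSpeed/v1/notify_ucss/ HTTP/1.1" 403 12 "-" "-"',
    '192.0.2.44 - - [27/May/2026:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "-"',
]

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find("/wp-json/")
    if idx != -1:
        # Pretty permalinks, including subdirectory installs.
        route = path[idx + len("/wp-json"):]
    else:
        # Plain permalinks: ?rest_route=/<route> (parse_qs percent-decodes it).
        route = parse_qs(parts.query).get("rest_route", [""])[0]
    # Compare without trailing slash and case differences.
    route = route.rstrip("/").lower()
    return route or None

def find_callback_hits(lines):
    """Return one dict per log line that addressed either notify route."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, ts, method, target, status = m.groups()
        route = rest_route(target)
        if route in ROUTES:
            hits.append({"ip": ip, "time": ts, "method": method,
                         "route": route, "status": int(status)})
    return hits

def accepted_by_source(hits):
    """Count 2xx responses per (source IP, route): requests the site accepted."""
    return Counter((h["ip"], h["route"]) for h in hits if 200 <= h["status"] < 300)

if __name__ == "__main__":
    for (ip, route), n in accepted_by_source(find_callback_hits(SAMPLE_LOG)).items():
        print(f"{ip} {route} accepted={n}")
```

A hit only shows that a request reached the endpoint; whether it was a legitimate callback has to be judged from the source address and timing.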