Incorrect Privilege Assignment vulnerability in LiteSpeed Cache allows Privilege Escalation
Key Information
- Vendor
- Litespeed Technologies
- Status
- Litespeed Cache
- Vendor
- CVE Published:
- 21 August 2024
Badges
Summary
The CVE-2024-28000 vulnerability is found in the widely-used LiteSpeed Cache Plugin for WordPress websites, allowing unauthenticated users to gain administrator-level access and create new user accounts with the administrator role. This critical privilege escalation vulnerability has a high CVSS score of 9.8 and has been patched in version 6.4 of the plugin. It is advised to update the plugin immediately to protect against potential exploitation. The vulnerability stems from the plugin’s user simulation feature and poses a significant risk to the security of WordPress websites. Although it has not been exploited by ransomware groups, researchers have warned that active exploitation is likely to occur soon.
Affected Version(s)
LiteSpeed Cache <= 6.3.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
WP Tavern CVSS V3.1
Timeline
- đź‘ľ
Exploit exists.
First article discovered by WP Tavern
Vulnerability published.
Vulnerability Reserved.