← back
CVE-2024-28000

WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability

CVSS 9.8 CRITICALEPSS 67.9%CWE-266
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
LiteSpeed Technologies · LiteSpeed Cache
public PoCs found7
githubgithub.com/Alucard0x1/CVE-2024-2800023githubgithub.com/arch1m3d/CVE-2024-280007githubgithub.com/ebrasha/CVE-2024-280005githubgithub.com/JohnDoeAnonITA/CVE-2024-280005githubgithub.com/SSSSuperX/CVE-2024-280001cve_referencepacketstorm.news/files/id/200819/unverifiedcve_referencewww.exploit-db.com/exploits/52328unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://packetstorm.news/files/id/200819/https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cvehttps://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html?m=1https://www.exploit-db.com/exploits/52328