WordPress LiteSpeed Cache Plugin Admin Access vulnerability

Date of Publish: 22nd Aug, 2024

Severity: Critical

Affected versions

It impacts all versions of the LiteSpeed Cache plugin up to and including 6.3.0.1.

Summary

A privilege escalation vulnerability was found in the LiteSpeed Cache plugin that could allow a remote attacker to take control of the affected system.

 

Description

A critical security flaw was found in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated attacker to gain administrator privileges.

LiteSpeed Cache is one of the most used caching plugins in WordPress with million active installations.

The privilege escalation flaw in the plugin allows any unauthenticated user to gain Administrator-level access, after which malicious plugins could be uploaded and installed.

 

Recommendation/Solution

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin.
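To find installations that still need the update, the following added example (not part of the original advisory and not LiteSpeed code) scans a web root for the plugin and compares each installed version against the affected and fixed versions stated above. It assumes the plugin lives in a directory named `litespeed-cache` with a main file `litespeed-cache.php` carrying a standard `Version:` header; the function names and the sample header are constructed for illustration.

```python
import re
from pathlib import Path

LAST_AFFECTED = (6, 3, 0, 1)  # advisory: affected up to and including 6.3.0.1
FIXED = (6, 4)                # advisory: patched in 6.4

# Constructed sample of a WordPress plugin header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version:     6.3.0.1
 */
"""

def parse_version(text):
    """Return the header's 'Version:' value as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def _pad(v, width=6):
    # Pad with zeros so that 6.4 and 6.4.0.0 compare as equal.
    return v + (0,) * (width - len(v))

def classify(version):
    """Numeric comparison; a string comparison would rank 6.10 below 6.4."""
    if version is None:
        return "unknown"
    if _pad(version) <= _pad(LAST_AFFECTED):
        return "affected"
    if _pad(version) >= _pad(FIXED):
        return "patched"
    return "unverified"  # between 6.3.0.1 and 6.4: the advisory does not say

def audit(webroot):
    """Find LiteSpeed Cache installs under webroot and classify each one."""
    findings = []
    for f in sorted(Path(webroot).rglob("litespeed-cache.php")):
        if f.parent.name != "litespeed-cache":  # assumed plugin directory name
            continue
        with f.open("rb") as fh:
            head = fh.read(8192).decode("utf-8", "replace")  # header is near the top
        findings.append((str(f), parse_version(head), classify(parse_version(head))))
    return findings

if __name__ == "__main__":
    print(classify(parse_version(SAMPLE_HEADER)))
```

Call `audit()` with the directory that holds the WordPress sites; any entry reported as `affected`, `unverified` or `unknown` should be updated to version 6.4 or checked by hand.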

 

CVE Details

CVE-2024-28000

 

NOTE: The information is provided on an “as is” basis, without assurance of any kind.

Revision history

  1. 22-Aug-24 – Advisory published. Update to version 6.4.

 

 

 

 
