Main Vulnerability Database SB2024082340

SB2024082340 - Incorrect Privilege Assignment in LiteSpeed Technologies LiteSpeed Cache plugin for WordPress

Published: August 23, 2024 Updated: September 13, 2024

Security Bulletin ID SB2024082340

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect Privilege Assignment (CVE-ID: CVE-2024-28000)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a weak security hash in a user simulation feature. A remote attacker can gain elevated privileges on the target system.

Remediation

Install update from vendor's website.

References

https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve