← back
CVE-2024-44000

WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability

CVSS 9.8 CRITICALEPSS 83.2%CWE-522
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
LiteSpeed Technologies · LiteSpeed Cache
public PoCs found5
githubgithub.com/absholi7ly/CVE-2024-44000-LiteSpeed-Cache16githubgithub.com/geniuszly/CVE-2024-440005githubgithub.com/ifqygazhar/CVE-2024-44000-LiteSpeed-Cache3githubgithub.com/gbrsh/CVE-2024-440000exploitdbwww.exploit-db.com/exploits/52099unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-0-1-unauthenticated-account-takeover-vulnerability?_s_id=cve