CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-44000

CVSS 9.8v3.1pub. 2024-10-20upd. 2026-04-23

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.

🤖 AI Analysis
How it works

The vulnerability results from insufficient protection of stored or transmitted authentication data (CWE-522). An attacker can remotely, without authentication and without user interaction, obtain access to protected login credentials. Based on this, it is possible to bypass the authentication mechanism and perform unauthorized account takeover on the WordPress website.

Impact

An attacker can take over any user account on the WordPress website, including the administrator account, gaining full control over the site's content and configuration. As a result, further compromise of the environment is possible, including malware installation or data theft.

Mitigation & patch

The LiteSpeed Cache plugin must be immediately updated to version 6.5.0.1 or later. The update can be performed directly from the WordPress admin panel or downloaded from the vendor's website. It is also recommended to review access logs to detect any potential unauthorized login attempts.

Who is affected

LiteSpeed Cache plugin for WordPress in versions from n/a to below 6.5.0.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Litespeedtech Litespeed Cache

    APP
    Litespeedtech
    < 6.5.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-28000CRITICAL9.8PL ✓ten sam produkt

Privilege escalation bez uwierzytelnienia w LiteSpeed Cache dla WordPress

CVE-2024-50550HIGH8.1ten sam produkt

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows ...

CVE-2024-47637HIGH8.8ten sam produkt

Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Tr...

CVE-2024-47374HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpee...

CVE-2023-45000HIGH8.2ten sam produkt

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cac...