Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-28000
PUBLISHEDWordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
- Vendor
- LiteSpeed Technologies
- Product
- LiteSpeed Cache
- Published
- Aug 21, 2024
- EPSS
- 55.3% · 98% pctl
Description
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Proof of concept available
Recorded 2024-08-25 16:57:24 UTC · Source
SSVC decision points
- Exploitation
- poc
- Automatable
- Yes
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| Wordfence | Aug 21, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-28000.yaml | Jun 01, 2026 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-09-10 08:16:16 UTC · 4 stars
CVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account
github · Created 2024-08-27 07:20:44 UTC · 5 stars
PoC for the CVE-2024 Litespeed Cache Privilege Escalation
github · Created 2024-08-25 16:57:24 UTC · 3 stars
LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000
github · Created 2024-08-24 05:12:56 UTC · 17 stars
LiteSpeed Cache Privilege Escalation PoC
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Detected by Nuclei