CVE-2024-28000
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- February 29, 2024
- Published Date
- August 21, 2024
- Last Updated
- August 21, 2024
- Vendor
- LiteSpeed Technologies
- Product
- LiteSpeed Cache
- Description
- Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
- Tags
- Score
- 55.27% (Percentile: 97.89%) as of 2025-05-12
- Exploitation
- poc
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2024-08-21 07:11:12 UTC) Source
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| Wordfence | 2024-08-21 07:11:12 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
JohnDoeAnonITA/CVE-2024-28000
Type: github • Created: 2024-09-10 08:16:16 UTC • Stars: 4
arch1m3d/CVE-2024-28000
Type: github • Created: 2024-08-27 07:20:44 UTC • Stars: 5
ebrasha/CVE-2024-28000
Type: github • Created: 2024-08-25 16:57:24 UTC • Stars: 3
Alucard0x1/CVE-2024-28000
Type: github • Created: 2024-08-24 05:12:56 UTC • Stars: 17
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public