LiteSpeed Cache WordPress plugin bug lets hackers get admin access

October 31, 2024 at 12:50PM The LiteSpeed Cache plugin for WordPress fixed a high-severity privilege elevation flaw (CVE-2024-50550) enabling unauthenticated users to gain admin rights. The vulnerability stemmed from weak hash checks in the role simulation feature. A patch was released on October 17, 2024, but millions remain potentially exposed.

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

October 31, 2024 at 06:32AM A critical unauthenticated privilege escalation vulnerability (CVE-2024-50550) has been discovered in the LiteSpeed Cache plugin for WordPress, allowing unauthorized users to gain admin access. The flaw has been patched in version 6.5.2. Users are urged to stay informed on plugin updates due to ongoing WordPress repository changes.

Single HTTP Request Can Exploit 6M WordPress Sites

October 8, 2024 at 08:36AM A popular WordPress plug-in, LiteSpeed Cache, containing a cross-site scripting flaw (CVE-2024-47374), has been exploited by attackers, potentially enabling privilege escalation and malicious code installation on affected websites. A simple patch has been issued by Patchstack, allowing administrators to update to the fixed version 6.5.1 immediately to prevent vulnerabilities. After …

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

October 4, 2024 at 06:00AM A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over …

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

September 6, 2024 at 06:30AM A critical vulnerability, CVE-2024-44000, was discovered in the LiteSpeed Cache plugin for WordPress, allowing attackers to potentially take over websites by retrieving and using stored user cookies. The flaw was identified and reported by Patchstack, who emphasized the importance of securing the debug log process. The issue was resolved with …

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

September 6, 2024 at 03:27AM A critical security flaw (CVE-2024-44000) has been found in LiteSpeed Cache plugin for WordPress, affecting versions up to 6.4.1. Unauthenticated users could take control of arbitrary accounts. The vulnerability, resolved in version 6.5.0.1, stems from a publicly exposed debug log file. Users are urged to check for the file and …

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

September 5, 2024 at 02:03PM A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. Based on the meeting notes, it appears that a critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 …

Hackers are exploiting critical bug in LiteSpeed Cache plugin

August 23, 2024 at 01:32AM Hackers are exploiting a critical vulnerability in LiteSpeed Cache, a WordPress plugin for speeding up response times, just one day after the technical details were made public. Based on the meeting notes, it is imperative to take immediate action to address the critical severity vulnerability in LiteSpeed Cache, a WordPress …

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

August 22, 2024 at 06:21AM A critical security vulnerability in the LiteSpeed Cache plugin, affecting more than 5 million WordPress websites, allows unauthenticated attackers to gain administrator privileges. The bug bounty program of Patchstack disclosed this vulnerability, leading to a $14,400 reward for the researcher. Although a fix has been issued, around 2 million websites …

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

August 22, 2024 at 02:00AM A critical security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-28000, CVSS score: 9.8) could allow unauthenticated users to gain administrator privileges. It has been patched in version 6.4 released on August 13, 2024. This vulnerability underscores the importance of strong and unpredictable security hashes or nonces in web …