September 6, 2024 at 06:30AM A critical vulnerability, CVE-2024-44000, was discovered in the LiteSpeed Cache plugin for WordPress, allowing attackers to potentially take over websites by retrieving and using stored user cookies. The flaw was identified and reported by Patchstack, who emphasized the importance of securing the debug log process. The issue was resolved with … Read more
September 6, 2024 at 03:27AM A critical security flaw (CVE-2024-44000) has been found in LiteSpeed Cache plugin for WordPress, affecting versions up to 6.4.1. Unauthenticated users could take control of arbitrary accounts. The vulnerability, resolved in version 6.5.0.1, stems from a publicly exposed debug log file. Users are urged to check for the file and … Read more
September 5, 2024 at 02:03PM A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. Based on the meeting notes, it appears that a critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 … Read more
August 23, 2024 at 01:32AM Hackers are exploiting a critical vulnerability in LiteSpeed Cache, a WordPress plugin for speeding up response times, just one day after the technical details were made public. Based on the meeting notes, it is imperative to take immediate action to address the critical severity vulnerability in LiteSpeed Cache, a WordPress … Read more
August 22, 2024 at 06:21AM A critical security vulnerability in the Litespeed Cache plugin, affecting more than 5 million WordPress websites, allows unauthenticated attackers to gain administrator privileges. The bug bounty program of Patchstack disclosed this vulnerability, leading to a $14,400 reward for the researcher. Although a fix has been issued, around 2 million websites … Read more
August 22, 2024 at 02:00AM A critical security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-28000, CVSS score: 9.8) could allow unauthenticated users to gain administrator privileges. It has been patched in version 6.4 released on August 13, 2024. This vulnerability underscores the importance of strong and unpredictable security hashes or nonces in web … Read more
August 21, 2024 at 01:27PM A critical vulnerability in the LiteSpeed Cache WordPress plugin allows attackers to create rogue admin accounts, potentially compromising millions of websites. Based on the meeting notes, it appears that a critical vulnerability has been identified in the LiteSpeed Cache WordPress plugin, which could potentially allow attackers to take over millions … Read more
May 8, 2024 at 04:28AM A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and … Read more
May 7, 2024 at 05:48PM Hackers are exploiting vulnerabilities in outdated LiteSpeed Cache and Email Subscribers plugins for WordPress, creating rogue admin users and compromising sites. An unauthenticated cross-site scripting flaw, CVE-2023-40000, affects LiteSpeed Cache versions older than 5.7.0.1, while Email Subscribers plugin versions 5.7.14 and older are vulnerable to a critical SQL injection flaw, … Read more
February 27, 2024 at 09:57AM A security vulnerability in LiteSpeed Cache plugin for WordPress (CVE-2023-40000) allows unauthenticated users to elevate privileges. Patchstack researcher Rafie Muhammad mentioned potential information theft and privilege escalation. The issue was fixed in version 5.7.0.1, and the latest version is 6.1, released on February 5, 2024. This follows Wordfence’s discovery of … Read more