Security News > 2024 > September > Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
2024-09-06 06:35
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an
News URL
https://thehackernews.com/2024/09/critical-security-flaw-found-in.html
Related news
- WordPress plugin disguised as a security tool injects backdoor (source)
- Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-20 | CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in Litespeedtech Litespeed Cache Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. | 9.8 |