Vulnerabilities > CVE-2024-28000 - Unspecified vulnerability in Litespeedtech Litespeed Cache

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

litespeedtech

critical

NVD

Published: 2024-08-21

Updated: 2025-03-07

Summary

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.

Vulnerable Configurations

Part	Description	Count
Application	Litespeedtech Litespeedtech Litespeed Cache *	1

References

https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve
https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve