LiteSpeed Cache CVE-2024-28000
Severity: CRITICAL
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
Analysis (AI)
Privilege escalation in LiteSpeed Cache plugin for WordPress (versions up to and including 6.3.0.1) allows unauthenticated remote attackers to forge user identities and gain administrator-level access by exploiting a weak hash check in the plugin's user simulation feature. Publicly available exploit code exists, and the EPSS score of 88.85% (100th percentile) indicates extremely high likelihood of exploitation activity. The vulnerability stems from predictable security hash values that can be brute-forced to impersonate any logged-in user, including administrators.
Technical Context (AI)
LiteSpeed Cache is one of the most widely deployed WordPress performance plugins, used on millions of sites to provide page caching, image optimization, and CDN integration. The CPE identifier cpe:2.3:a:litespeedtech:litespeed_cache confirms the affected component is the WordPress plugin distributed by LiteSpeed Technologies. The root cause, classified as CWE-266 (Incorrect Privilege Assignment), lies in the plugin's crawler feature, which simulates logged-in users to generate cached pages. The simulation relies on a security hash that has a limited range of possible values (approximately one million), making it feasible to brute-force and impersonate privileged WordPress users including administrators.
Remediation (AI)
Vendor-released patch: upgrade LiteSpeed Cache to version 6.4 or later, which addresses the weak hash check by strengthening the security hash generation in the user simulation logic. WordPress administrators should update immediately through the WordPress plugin dashboard or by downloading the latest release from the LiteSpeed Cache plugin page on WordPress.org. If patching cannot be done immediately, compensating controls include temporarily deactivating the LiteSpeed Cache plugin (this will eliminate page caching benefits and may significantly impact site performance) or restricting access to the WordPress admin interface and plugin REST endpoints via IP allowlisting at the web server or WAF layer (this may break legitimate admin workflows from dynamic IPs). Additionally, review WordPress user lists for unexpected administrator accounts and rotate credentials for existing admin users.
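Added audit helper for the remediation steps above (example code written for this page, not from vuln.today, NVD or LiteSpeed): it decides whether an installed LiteSpeed Cache version is below the fixed 6.4 release and, where WP-CLI is available, prints the update command and lists administrator accounts for review. The function names and the reliance on WP-CLI and GNU sort -V are assumptions.

```shell
#!/bin/sh
# Fixed release named in the remediation; anything that sorts below it is affected.
LSC_FIXED_VERSION="6.4"

# Returns 0 (true) when VERSION is strictly lower than the fixed release.
# sort -V performs a natural version sort, so 6.3.0.1 < 6.4 < 6.10.
lsc_is_vulnerable() {
    version="$1"
    lowest=$(printf '%s\n%s\n' "$version" "$LSC_FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$version" ] && [ "$version" != "$LSC_FIXED_VERSION" ]
}

# Audits the WordPress install at the given path (default: current directory).
lsc_audit() {
    wp_path="${1:-.}"
    if ! command -v wp >/dev/null 2>&1; then
        echo "wp-cli not found; check the plugin version in the WordPress plugin dashboard" >&2
        return 2
    fi
    # Read the installed plugin version; a non-zero exit means the plugin is absent.
    installed=$(wp plugin get litespeed-cache --field=version --path="$wp_path" 2>/dev/null) || {
        echo "litespeed-cache is not installed at $wp_path"
        return 0
    }
    if lsc_is_vulnerable "$installed"; then
        echo "litespeed-cache $installed is affected by CVE-2024-28000"
        echo "update with: wp plugin update litespeed-cache --path=$wp_path"
    else
        echo "litespeed-cache $installed is at or above $LSC_FIXED_VERSION"
    fi
    # The remediation also asks for a review of administrator accounts;
    # registration dates help spot accounts created during the exposure window.
    echo "Administrator accounts (review for unexpected entries):"
    wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --path="$wp_path"
}
```

Run `lsc_audit /var/www/html` (or another install path) on the host; the version check itself needs no WordPress install.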