What is the CVSS score of CVE-2024-44000?

CVE-2024-44000 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 93.1%.

Which versions of LiteSpeed Cache are affected by CVE-2024-44000?

The LiteSpeed Cache WordPress plugin (versions before 6.5.0.1) contains a critical authentication bypass enabling attackers to hijack administrator sessions and fully compromise affected sites using…

Is there a public PoC exploit available for CVE-2024-44000?

Yes, a public proof-of-concept exploit is available for CVE-2024-44000. Prioritise patching immediately. EPSS: 93.1%.

How to fix or mitigate CVE-2024-44000?

Within 24 hours: Inventory all WordPress installations using LiteSpeed Cache; identify systems running versions prior to 6.5.0.1; assess business criticality and data exposure of affected sites. Within 7 days: Either disable the vulnerable plugin (implement alternative caching via server-level measures or replacement plugins) or deploy emergency mitigations (restrict admin access by IP range, enforce multi-factor authentication on all administrator accounts, enable comprehensive session monitoring). Within 30 days: Upgrade to LiteSpeed Cache version 6.5.0.1 or later once vendor releases the patch, or complete migration to alternative caching solutions; establish continuous vulnerability monitoring for all installed plugins.

LiteSpeed Cache CVE-2024-44000

CRITICAL

Insufficiently Protected Credentials (CWE-522)

2024-10-20 audit@patchstack.com

Authentication Bypass

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Apr 01, 2026 - 16:17 vuln.today

Public exploit code

CVE Published

Oct 20, 2024 - 12:15 nvd

CRITICAL 9.8

DescriptionNVD

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.

AnalysisAI

Authentication bypass in the LiteSpeed Cache WordPress plugin (versions prior to 6.5.0.1) allows unauthenticated remote attackers to hijack logged-in sessions, including administrator accounts, by recovering weakly protected session credentials. With a 93.13% EPSS score (100th percentile) and publicly available exploit code, this is among the most likely-to-be-exploited vulnerabilities currently tracked. Successful exploitation yields full WordPress site takeover.

Technical ContextAI

LiteSpeed Cache is a widely deployed WordPress caching plugin (CPE cpe:2.3:a:litespeedtech:litespeed_cache) installed on millions of sites. The root cause is CWE-522 (Insufficiently Protected Credentials): the plugin writes user session/hash information into debug log files that are stored in a web-accessible location with insufficient protection, and the hash space used to identify sessions is small enough to be brute-forced. An attacker who can read these artifacts can recover a valid session identifier for any logged-in user, including administrators, and replay it to impersonate that user.

RemediationAI

Vendor-released patch: upgrade LiteSpeed Cache to version 6.5.0.1 or later via the WordPress plugin updater or by replacing the plugin directory from the official WordPress.org repository. Until the upgrade is applied, compensating controls include disabling the plugin's debug logging feature (which removes the source of the leaked session data, at the cost of losing diagnostic logging), blocking external HTTP access to wp-content/debug.log and the plugin's log directory at the web-server or WAF layer (which prevents remote retrieval of the credential material but does not address local-file disclosure paths), and rotating any potentially exposed administrator sessions by forcing logouts and resetting authentication keys/salts in wp-config.php (which will invalidate any session tokens an attacker may have already harvested but will log out legitimate users). Refer to the Patchstack advisory for the formal write-up.

CVE-2024-44000 vulnerability details – vuln.today

Back

LiteSpeed Cache CVE-2024-44000

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code