CVE-2024-44000

9.8

Critical

Published:20 Oct 2024

Last updated:17 Jun 2026

Source:audit@patchstack.com

Modified

Weakness (CWE)

CWE-522CWE-522

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.

Exploits

520992025-03-28webappsPHP

Litespeed Cache 6.5.0.1 - Authentication Bypass

By Caner Tercan

References

audit@patchstack.com

https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-0-1-unauthenticated-account-takeover-vulnerability?_s_id=cve