CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-28000 – WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-28000
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash which can be found in the debug logs or brute forced. This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the /wp-json/wp/v2/users REST API endpoint. In some environments, the crawler may be disabled making this a non-exploitable issue in those instances. • https://github.com/arch1m3d/CVE-2024-28000 https://github.com/realbotnet/CVE-2024-28000 https://github.com/Alucard0x1/CVE-2024-28000 https://github.com/ebrasha/CVE-2024-28000 https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 18%CPEs: 1EXPL: 1CVE-2007-5654 – Litespeed Web Server 3.2.3 - Source Code Disclosure
https://notcve.org/view.php?id=CVE-2007-5654
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." LiteSpeed Web Server anterior a 3.2.4 permite a atacantes remotos disparar la utilización de un tipo MIME de su elección para un archivo a través de una secuencia "%00." seguida de una nueva extensión, como se demostró con la lectura del código fuente PHP a través de respuestas para archivos .php%00.txt, también conocido como "Inyección tipo MIME". • https://www.exploit-db.com/exploits/4556 http://osvdb.org/41867 http://secunia.com/advisories/27302 http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html http://www.securityfocus.com/bid/26163 https://exchange.xforce.ibmcloud.com/vulnerabilities/37380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2005-3695 – Litespeed 2.1.5 - 'ConfMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3695
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. • https://www.exploit-db.com/exploits/26535 http://secunia.com/advisories/17587 http://securitytracker.com/id?1015234 http://www.osvdb.org/20908 http://www.securiteam.com/unixfocus/6S00I1FEKY.html http://www.securityfocus.com/bid/15485 http://www.vupen.com/english/advisories/2005/2457 •