CVE-2024-28000 – WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability

https://notcve.org/view.php?id=CVE-2024-28000

21 Aug 2024 — Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash whi... • https://packetstorm.news/files/id/180423 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •