CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 7CVE-2024-28000 – WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-28000
21 Aug 2024 — Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash whi... • https://packetstorm.news/files/id/180423 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 1CVE-2007-5654 – Litespeed Web Server 3.2.3 - Source Code Disclosure
https://notcve.org/view.php?id=CVE-2007-5654
23 Oct 2007 — LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." LiteSpeed Web Server anterior a 3.2.4 permite a atacantes remotos disparar la utilización de un tipo MIME de su elección para un archivo a través de una secuencia "%00." seguida de una nueva extensión, como se demostró con la lectura del código ... • https://www.exploit-db.com/exploits/4556 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2005-3695 – Litespeed 2.1.5 - 'ConfMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3695
20 Nov 2005 — Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. • https://www.exploit-db.com/exploits/26535 •