A high-severity vulnerability has been discovered in the WordPress LiteSpeed Cache plugin
Cybersecurity researchers have disclosed another high-severity security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated visitors to take over arbitrary accounts.
Tracked as CVE-2024-44000 (CVSS score: 7.5), the vulnerability affects all versions of the LiteSpeed Cache plugin up to and including 6.4.1 and has been addressed in version 6.5.0.1. The flaw lies in the plugin's debug logging feature, which is disabled by default: when enabled, it could write HTTP response headers, including Set-Cookie values, to a log file under wp-content that is reachable from the web, so anyone who retrieved that file could replay a logged-in user's session cookie. The fix moves the log to a protected location and stops recording cookies, but it does not delete log files written earlier, so administrators should update and also purge any leftover .log files from the wp-content directory.
Patchstack researcher Rafie Muhammad, who reported the flaw, described it as follows: “The plugin suffers from an unauthenticated account takeover vulnerability which allows any unauthenticated visitor to gain authentication access to any logged-in users and at the worst case gain access to an Administrator level role after which malicious plugins could be uploaded and installed.”
The disclosure follows extensive security analysis of the plugin that recently surfaced another flaw, CVE-2024-28000 (CVSS score: 9.8), an unauthenticated privilege escalation fixed in version 6.4. LiteSpeed Cache is a popular caching plugin for the WordPress ecosystem with over 5 million active installs; an estimated 4.5 million sites running it may still not have this vulnerability patched.
The LiteSpeed Cache plugin provides site administrators with server-level caching and a range of optimization features.
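For administrators who manage many WordPress installs, the practical question is which sites still run an affected build (6.4.1 or earlier, per the advisory) and which still carry old log files under wp-content. The script below is an added example written for this page, not code from the plugin or from the researchers; it reads the installed version from the plugin's main file header (the file name litespeed-cache/litespeed-cache.php and the `Version:` header line are standard WordPress plugin conventions), compares it numerically rather than as a string, and lists stray .log files in wp-content. The sample plugin header is constructed for the demonstration.

```python
"""Fleet check for CVE-2024-44000: find LiteSpeed Cache installs at or below
6.4.1 and leftover log files in wp-content. Added example, not plugin code."""
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

# Affected range per the advisory: every release up to and including 6.4.1.
AFFECTED_MAX = "6.4.1"

# Matches the "Version:" line of a WordPress plugin header comment block.
_VERSION_HEADER = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.MULTILINE)

# Constructed sample of a plugin main-file header, used for the demo below.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.4.1
 */
"""


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '6.4.1' or '6.5.0.1' into an int tuple. A non-numeric suffix such
    as '-beta' on a component ends the parse after that component's digits."""
    parts = []
    for piece in ver.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(ver: str) -> bool:
    """True when ver <= AFFECTED_MAX. Tuples are padded so that 6.4 and 6.4.0
    compare equal and 6.10.0 sorts above 6.4.1, which a string compare gets wrong."""
    a, b = parse_version(ver), parse_version(AFFECTED_MAX)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def plugin_version_from_header(php_source: str) -> Optional[str]:
    """Extract the Version: header value from a plugin's main PHP file."""
    m = _VERSION_HEADER.search(php_source)
    return m.group(1) if m else None


def audit_install(wp_content: Path) -> dict:
    """Inspect one install's wp-content directory. Returns the detected plugin
    version, whether it is in the affected range (None if not installed), and
    any .log files sitting directly in wp-content that should be reviewed/purged."""
    findings = {"version": None, "affected": None, "stale_logs": []}
    main_file = wp_content / "plugins" / "litespeed-cache" / "litespeed-cache.php"
    if main_file.is_file():
        ver = plugin_version_from_header(main_file.read_text(errors="replace"))
        findings["version"] = ver
        findings["affected"] = is_affected(ver) if ver else None
    findings["stale_logs"] = sorted(p.name for p in wp_content.glob("*.log") if p.is_file())
    return findings


if __name__ == "__main__":
    # Usage: python check_lscache.py /var/www/site1/wp-content /var/www/site2/wp-content
    for arg in sys.argv[1:]:
        print(arg, audit_install(Path(arg)))
    # Demo on the constructed header when run without arguments.
    if len(sys.argv) == 1:
        v = plugin_version_from_header(SAMPLE_HEADER)
        print(f"sample header version {v}: affected={is_affected(v)}")
```

Treat a non-empty `stale_logs` list as a finding even on an already-updated site: updating the plugin changes where new logs are written but leaves old files in place, and those are what an attacker would be after.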