Friendica Social Network (Leipzig) | Search

Suche

Beiträge, die mit flaw getaggt sind

Olly 👾

1 Woche her

Olly 👾
1 Woche her

LiteSpeed Cache Plugin Vulnerability poses significant Risk to WordPress Websites.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated actors to gain admin rights.

[CVE-2024-50550 CVSS score: 8.1]

https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/

#wordpress #litespeed #flaw #it #security #privacy #engineer #media #tech #news

LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites.

The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8).

It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator.

The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

<https://wordpress.org/plugins/litespeed-cache/>

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin - Patchstack

A vulnerability in LiteSpeed Cache allowed unauthorized admin access; fixed in version 6.5.2, with Patchstack users automatically protected.

^{Rafie Muhammad (Patchstack)}

#news #privacy #tech #wordpress #media #security #it #engineer #litespeed #flaw

Bitte warten

Im Zusammenhang betrachten

⇧