CVE-2024-28000
Published 2024-08-21
PriorityP189critical9.8CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 67.92% (99.2nd percentile)
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| litespeed_technologies | litespeed_cache | <= 6.3.0.1 | — |
| litespeedtech | litespeed_cache | >= 1.9 < 6.4 | 6.4 |
Detection & IOCs (extracted from sources)
- Detect brute-force attempts against the LiteSpeed Cache user simulation feature by monitoring for high-frequency requests carrying the 'litespeed_hash' and 'litespeed_role' cookies, particularly cycling through up to 1 million hash values.
- Alert on installation of new/unknown plugins by newly created administrator accounts on WordPress sites running LiteSpeed Cache <= 6.3.0.1, as this is a primary post-exploitation action.
- Check Point IPS signature available for this threat: 'WordPress LiteSpeed Cache Plugin Privilege Escalation (CVE-2024-28000)'.
- Exploitation requires the LiteSpeed Cache crawler's role simulation feature to be enabled, and the attacker must know or guess a valid Administrator-level user ID (user ID 1 succeeds on many default WordPress installations).
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| VulnCheck | 9.8 | CRITICAL | — |
GHSA
GHSA-3cp9-7899-h8r7: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation
ghsa_unreviewed · 2024-08-21 · CVE-2024-28000 [CRITICAL] · CWE-266
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
VulnCheck
LiteSpeed Cache Plugin Privilege Escalation Vulnerability
vulncheck · 2024 · CVE-2024-28000 [CRITICAL] · CVSS 9.8
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
Affected: LiteSpeed Technologies LiteSpeed Cache
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/litespeed-cache/litespeed-cache-6301-unauthenticated-privilege-escalation
- https://app.crowdsec.net/cti/cve-explorer/CVE-2024-28000
Exploit PoC:
- https://vulncheck.com/xdb/386df3d14c76
- https://vulncheck.com/xdb/ab75c9e64c82
- https://vulnchec
No detection rules found.
Exploit-DB
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
exploitdb · 2025-06-15 · CVE-2024-28000 [CRITICAL] · CVSS 9.8
---
```python
# Exploit Title: Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
# Date: 2025-06-10
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: [email protected]
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Country: United Kingdom
# CVE : CVE-2024-28000
import requests
import random
import string
import concurrent.futures

# Configuration
target_url = 'http://example.com'
rest_api_endpoint = '/wp-json/wp/v2/users'
ajax_endpoint = '/wp-admin/admin-ajax.php'
admin_user_id = '1'
num_hash_attempts = 1000000
num_workers = 10
new_username = 'newadminuser'  # Replace with desired username
new_user_password = 'NewAdminPassword123!'  # Replace with a secure password

def mt_srand(seed=None):
    """
    Mimics P
```
Nuclei
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
nuclei · CVE-2024-28000 [CRITICAL] · CVSS 9.8
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
Template:
```yaml
id: CVE-2024-28000
info:
  name: WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
  author: melmathari
  severity: critical
  description: |
    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
  impact: |
    Unauthenticated attackers can escalate privileges to administrator level, gaining full control of the WordPress site.
  remediation: |
    Update LiteSpeed Cache pl
```
Bleepingcomputer
ACF plugin bug gives hackers admin on 50,000 WordPress sites
blogs_bleepingcomputer · 2026-01-20 · [CRITICAL] · CVSS 9.8
By Bill Toulas
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.
ACF Extended, currently active on 100,000 websites, is a specialized plugin that extends the capabilities of the Advanced Custom Fields (ACF) plugin with features for developers and advanced site builders.
The vulnerability, tracked as CVE-2025-14533, can be leveraged for admin privileges by abusing the plugin’s ‘Insert User / Update User’ form action, in versions of ACF Extended 0.9.2.1 and earlier.
The flaw arises from the lack of enforcement of role restrictions during form-based user creation or updates,
Bleepingcomputer
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
blogs_bleepingcomputer · 2024-10-31 · CVE-2024-50550 [CRITICAL] · CVSS 9.8
By Bill Toulas
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw in its latest release that could allow unauthenticated site visitors to gain admin rights.
LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience.
The newly discovered high-severity flaw tracked as CVE-2024-50550 is caused by a weak hash check in the plugin's "role simulation" feature, designed to simulate user roles to aid the crawler in site scans from different user levels.
The feature's function ('is_role_simulation()') performs two primary checks using weak security hash values stored in cookies ('litespeed_
Bleepingcomputer
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
blogs_bleepingcomputer · 2024-09-05 · CVE-2024-44000 [CRITICAL] · CVSS 9.8
By Bill Toulas
Yet another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.
The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.
## Debug feature writes cookies to file
The vulnerability is tied to the plugin's debug logging feature, which logs all HTTP response headers into a file, including the "Set-Cookie" header, when enabled.
Those headers contain session cookies used to authenticate users, so if an atta
Checkpoint
26th August – Threat Intelligence Report
blogs_checkpoint · 2024-08-26 · CVE-2024-28000
For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Halliburton, a leading U.S. oilfield services firm, was hit by a cyberattack that forced the company to take certain systems offline to contain the breach. Hackers gained access to some of the company’s systems, prompting an ongoing investigation with the help of external contractors. No group has claimed responsibility for
Bleepingcomputer
Hackers are exploiting critical bug in LiteSpeed Cache plugin
blogs_bleepingcomputer · 2024-08-22 · CVE-2024-28000 [HIGH] · CVSS 8.3
By Bill Toulas
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public.
The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1.
The vulnerability stems from a weak hash check in the plugin’s user simulation feature which can be exploited by attackers brute-forcing the hash value to create rogue admin accounts.
This could lead to a complete takeover of the affected websites, allowing the installation of malicious plugins, altering critical settings, redirecting traffic to
Bleepingcomputer
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
blogs_bleepingcomputer · 2024-08-21 · [CRITICAL] · CVSS 9.8
By Sergiu Gatlan
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.
LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO.
The unauthenticated privilege escalation vulnerability (CVE-2024-28000) was found in the plugin's user simulation feature and is caused by a weak hash check in LiteSpeed Cache up to and including version 6.3.0.1.
Security researcher John Blackbourn submitted the flaw to Patchstack's bug bounty program on August 1. The LiteSpeed team developed a pat
- https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-3-0-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
- https://packetstorm.news/files/id/200819/
- https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html?m=1
- https://www.exploit-db.com/exploits/52328