Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.

The WordPress LiteSpeed Cache Plugin installed on the remote host is affected by an unauthenticated sensitive information exposure via log files.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The WordPress application running on the remote host has a version of the 'LiteSpeed Cache' plugin that is prior to 6.5.0.1. It is, therefore, affected by an unauthenticated account takeover vulnerability. The plugin suffers from an unauthenticated account takeover vulnerability which allows any unauthenticated visitor to gain authentication access to any logged-in users and at worst can gain access to an Administrator level role after which malicious plugins could be uploaded and installed.  

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
114440	LiteSpeed Cache Plugin for WordPress < 6.5.0.1 Sensitive Information Exposure	Web App Scanning	Component Vulnerability	critical
206971	WordPress Plugin 'LiteSpeed Cache' < 6.5.0.1. Unauthenticated Account Takeover	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2024-44000

critical

Tenable Plugins

critical

critical