9.8
CVE-2024-50550
- EPSS 0.91%
- Veröffentlicht 29.10.2024 10:15:04
- Zuletzt bearbeitet 23.04.2026 15:20:10
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability
LiteSpeed Cache <= 6.5.1 - Unauthenticated Privilege Escalation
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.
Mögliche Gegenmaßnahme
LiteSpeed Cache: Update to version 6.5.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Litespeedtech ≫ Litespeed Cache SwPlatformwordpress Version < 6.5.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
LiteSpeed Cache
Version
*-6.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.554 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-1-privilege-escalation-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/91365d3b-8e93-4202-8d44-9d217aaae0a4