Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
The vulnerability results from insufficient protection of stored or transmitted authentication data (CWE-522). An attacker can remotely, without authentication and without user interaction, obtain access to protected login credentials. Based on this, it is possible to bypass the authentication mechanism and perform unauthorized account takeover on the WordPress website.
An attacker can take over any user account on the WordPress website, including the administrator account, gaining full control over the site's content and configuration. As a result, further compromise of the environment is possible, including malware installation or data theft.
The LiteSpeed Cache plugin must be immediately updated to version 6.5.0.1 or later. The update can be performed directly from the WordPress admin panel or downloaded from the vendor's website. It is also recommended to review access logs to detect any potential unauthorized login attempts.
LiteSpeed Cache plugin for WordPress in versions from n/a to below 6.5.0.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLitespeedtech Litespeed Cache
APPLitespeedtech< 6.5.0.1
Related vulnerabilities
Privilege escalation bez uwierzytelnienia w LiteSpeed Cache dla WordPress
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows ...
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Tr...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpee...
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cac...