.png)
1 month ago
28 BOOK THIS SPACE FOR AD
ARTICLE ADCVE-2024–44000 is an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when and only when the Debug Logging feature is enabled, the plugin will log cookies from HTTP traffic including valid admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication.
The Debug Logging feature in the plugin is not enabled by default. Running a production wordpress site with debug logging enabled is probably not something someone would do intentionally however with 6 million active installations I’m sure it’s happening. Here is an excerpt from a vulnerable instance’s debug.log where an admin cookie can be found.
CVE-2024–44000 is a critical vulnerability in the LiteSpeed Cache plugin for WordPress, allowing unauthenticated account takeover through cookie theft from the debug log, which may be publicly accessible if debug logging is enabled. This vulnerability poses significant risks to WordPress installations using this plugin, particularly affecting confidentiality and access control.
Severity: High CVSS
Bengali (Bangladesh) · 
English (United States) ·