CVE-2024-44000

Name of the Vulnerable Software and Affected Versions LiteSpeed Cache versions prior to 6.5.0.1

Description The issue is related to insufficiently protected credentials, allowing authentication bypass. This vulnerability can be exploited by attackers to gain unauthorized access to user sessions, potentially escalating their access to administrator-level roles. The estimated number of potentially affected devices worldwide is in the millions, with over 6 million WordPress sites potentially at risk. There have been reports of real-world incidents where this issue was exploited, allowing attackers to take control of arbitrary accounts.

Technical details about exploitation include the exposure of debug logs, which can be used by attackers to gain access to user sessions. The wp-content/debug.log file is specifically mentioned as a vulnerable endpoint.

Recommendations To resolve the issue, update to version 6.5.0.1 or later. As a temporary workaround, consider disabling the debug log feature to prevent exposure of sensitive information. Restrict access to the wp-content/debug.log file to minimize the risk of exploitation. Purge old logs to prevent them from being exploited.