LiteSpeed Cache < 6.5.2 – Unauthenticated Privilege Escalation | CVE 2024-50550 | Plugin Vulnerabilities

Description

The plugin is vulnerable to privilege escalation This is due to the is_role_simulation() function not properly providing protection against unauthorized use of the function. This makes it possible for unauthenticated attackers to simulate roles such as administrators which provides elevated access to the site. Please note there are a lot of pre-requisites for this to be exploitable.

Affects Plugins

litespeed-cache

Fixed in 6.5.2

References

CVE

URL

https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-1-privilege-escalation-vulnerability?_s_id=cve

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

TaiYou

Verified

No

WPVDB ID

08fd20e1-0d42-4bd6-bcb3-8a7bec536fba

Timeline

Publicly Published

2024-10-29 (about 1 year ago)

Added

2024-12-19 (about 1 year ago)

Last Updated

2024-12-19 (about 1 year ago)

Other

Published

Title

Published

2017-11-12

Title

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution

Published

2023-10-17

Title

Themify Ultra < 7.3.6 - Privilege Escalation

Published

2026-03-12

Title

Xagio SEO – AI Powered SEO < 7.1.0.31 - Unauthenticated Privilege Escalation

Published

2024-12-11

Title

CE21 Suite < 2.2.1 - Unauthenticated Privilege Escalation

Published

2025-03-06

Title

School Management System for Wordpress <= 93.0.0 - Student+ Account Takeover and Privilege Escalation