LiteSpeed Cache < 6.5.0.1 – Unauthenticated Sensitive Information Exposure via Log Files | CVE 2024-44000 | Plugin Vulnerabilities

Description

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log file. The log file may contain user cookies making it possible for an attacker to log in with any session that is actively valid and exposed in the log file. Note: the debug feature must be enabled for this to be a concern and this feature is disabled by default.

Affects Plugins

litespeed-cache

Fixed in 6.5.0.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/31173691-28fb-46fd-a7da-28bf9c46e2bc

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

3472ac75-2168-4fec-b68d-e208e300c5e4

Timeline

Publicly Published

2024-09-05 (about 1 year ago)

Added

2024-09-10 (about 1 year ago)

Last Updated

2024-09-10 (about 1 year ago)

Other

Published

Title

Published

2024-06-05

Title

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Information Exposure

Published

2024-08-08

Title

My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure

Published

2025-12-11

Title

Guest Support < 1.3.0 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

Published

2025-12-12

Title

Export WP Page to Static HTML & PDF < 5.0.0 - Unauthenticated Cookie Exposure via Log File

Published

2024-06-06

Title

FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing