Privilege Escalation
LiteSpeed Cache Vulnerability – Unauthenticated Privilege Escalation – CVE-2024-28000 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 75,818,864 Active Installs: 5,000,000 Last Updated: August 21, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.3.0.1 Title: Unauthenticated Privilege Escalation Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-28000 CVSS Score: 9.8 Publicly…
Read MoreUser Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report
Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,655,257 Active Installs: 70,000 Last Updated: May 2, 2024 Patched Versions: 3.2.0 Affected Versions: <=3.1.5 Vulnerability Details: Name: User Registration – Custom Registration Form,…
Read MoreTutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February 20, 2024 Patched Versions: 2.6.1 Affected Versions: <= 2.6.0 Vulnerability 1 Details: Name: Tutor LMS <= 2.6.0 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-1133 CVSS Score: 4.3 (Medium) Publicly Published: February 20, 2024 Researcher: drop Description: The Tutor LMS – eLearning…
Read More