Rewterz

ICS: Multiple Rockwell Automation ThinManager ThinServer Zero-Day Vulnerabilities

August 27, 2024
Rewterz

DarkGate Malware – Active IOCs

August 27, 2024

CVE-2024-28000 – WordPress LiteSpeed Technologies LiteSpeed Cache Plugin Vulnerability

Severity

High

Analysis Summary

CVE-2024-28000

LiteSpeed Technologies LiteSpeed Cache Plugin for WordPress could allow a remote attacker to gain elevated privileges on the system, caused by a weak security hash in a user simulation feature. By sending a specially crafted POST request, an attacker could exploit this vulnerability to gain Administrator level access after which malicious plugins could be uploaded and installed.

Impact

  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-28000

Affected Vendors

WordPress

Affected Products

  • LiteSpeed Technologies LiteSpeed Cache for WP

Remediation

Upgrade to the latest version of LiteSpeed Cache Plugin for WordPress, available from the LiteSpeed Technologies Website.

LiteSpeed Technologies Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.