September 5, 2024 By Bill Toulas
Yet another critical-severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.
The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.
Debug feature writes cookies to file
The vulnerability is tied to the plugin's debug logging feature, which, when enabled, logs all HTTP response headers, including the "Set-Cookie" header, into a file.
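
An added example, not from the article or the plugin's code: a Python audit that finds WordPress authentication cookies in a log containing Set-Cookie headers, reports the affected user and cookie expiry without returning the token, and redacts the values. The log line layout, `SAMPLE_LOG` and the function names are constructed for illustration; the parsing relies on WordPress's `user|expiration|token|hmac` auth cookie value format.

```python
import re
from urllib.parse import unquote

# WordPress auth cookies: wordpress_<hash>, wordpress_sec_<hash>,
# wordpress_logged_in_<hash>, where <hash> is a 32-character hex string.
AUTH_COOKIE = re.compile(
    r"(set-cookie:\s*(wordpress(?:_sec|_logged_in)?_[0-9a-f]{32})=)([^;\s]+)",
    re.IGNORECASE,
)

# Constructed sample; the line layout is an assumption, not the plugin's format.
SAMPLE_LOG = """\
[req-1] Cache-Control: no-cache, must-revalidate
[req-1] Set-Cookie: wordpress_logged_in_0123456789abcdef0123456789abcdef=admin%7C1725700000%7CtokenAAAA%7ChmacBBBB; path=/; HttpOnly
[req-2] Set-Cookie: wordpress_sec_0123456789abcdef0123456789abcdef=editor%7C1700000000%7CtokenCCCC%7ChmacDDDD; path=/wp-admin; secure
[req-2] Set-Cookie: wp_lang=en_US; path=/
"""


def find_logged_auth_cookies(log_text, now):
    """Return cookie name, user and expiry per logged auth cookie (no token/HMAC)."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for match in AUTH_COOKIE.finditer(line):
            # Cookie value layout: user|expiration|token|hmac (URL-encoded).
            parts = unquote(match.group(3)).split("|")
            if len(parts) != 4 or not parts[1].isdigit():
                continue  # not a well-formed auth cookie value
            expires = int(parts[1])
            findings.append({
                "line": lineno,
                "cookie": match.group(2),
                "user": parts[0],
                "expires": expires,
                "unexpired": expires > now,  # these sessions need invalidating
            })
    return findings


def redact(log_text):
    """Return the log with auth cookie values replaced and header names kept."""
    return AUTH_COOKIE.sub(lambda m: m.group(1) + "[REDACTED]", log_text)


if __name__ == "__main__":
    for finding in find_logged_auth_cookies(SAMPLE_LOG, now=1725500000):
        print(finding)
```

Pass the current Unix time as `now`; every user reported with `unexpired` set to true had a usable session cookie written to the log.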