This repository contains a Proof of Concept (PoC) for a critical privilege escalation vulnerability discovered in the LiteSpeed Cache WordPress plugin. The vulnerability, identified as CVE-2024-28000, allows unauthorized users to gain Administrator-level access to a WordPress site by exploiting a weak security hash.
The LiteSpeed Cache plugin's user simulation feature is protected by a security hash that is weak and predictable. This PoC demonstrates how an attacker can brute-force the security hash, gaining access to Administrator privileges on a targeted WordPress site.
- Generate a Google Dork based on the domain extension and automatically open it in the browser.
- Implemented version check for the LiteSpeed Cache plugin.
- Added the ability to check for the presence of the LiteSpeed Cache plugin.
- .NET 8
- Newtonsoft.Json
There are no specific prerequisites needed to run this PoC.
To download the executable versions of this PoC, please visit the official Releases page on GitHub. This will allow you to obtain the compiled version ready for use:
To use this PoC, simply run the executable and provide the target URL, desired admin username, and password. The exploit will attempt to brute-force the security hash to gain administrator access.
If successful, the PoC allows unauthenticated users to gain Administrator-level access to a WordPress site by brute-forcing a weak security hash used in the plugin.
The vulnerability has been patched in LiteSpeed Cache plugin version 6.4 and above. It is strongly recommended to update to the latest version to avoid this exploit.
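To verify the fix on servers you administer, the following added example (not part of this repository's code) scans a directory of WordPress sites on the local filesystem and flags any LiteSpeed Cache copy older than 6.4. It assumes the standard plugin path `wp-content/plugins/litespeed-cache/litespeed-cache.php` and the usual `Version:` plugin header; the helper names and the sample tree in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (6, 4)  # first fixed release according to this README
MAIN_FILE = "wp-content/plugins/litespeed-cache/litespeed-cache.php"  # assumed standard layout
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Turn '6.3.0.1' into (6, 3, 0, 1); non-numeric suffixes are ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_patched(version):
    # Compare numerically (so 6.10 > 6.4) and pad with zeros (so 6.4 == 6.4.0).
    v = parse_version(version)
    width = max(len(v), len(PATCHED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) >= pad(PATCHED)

def audit(root):
    """Return (plugin_file, version, status) for each LiteSpeed Cache copy under root."""
    results = []
    for main in sorted(Path(root).rglob(MAIN_FILE)):
        m = HEADER.search(main.read_text(errors="replace")[:8192])
        ver = m.group(1) if m else None
        status = "UNKNOWN" if ver is None else ("OK" if is_patched(ver) else "VULNERABLE")
        results.append((str(main), ver, status))
    return results

def demo():
    """Constructed sample tree: three sites with different plugin versions."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("a", "6.3.0.1"), ("b", "6.4"), ("c", "6.10.2")):
            d = Path(root, site, MAIN_FILE).parent
            d.mkdir(parents=True)
            (d / "litespeed-cache.php").write_text(
                f"<?php\n/**\n * Plugin Name: LiteSpeed Cache\n * Version: {ver}\n */\n")
        return [(ver, status) for _, ver, status in audit(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real host, call `audit()` with the directory that holds your sites; a plain string comparison would wrongly rank 6.10.2 below 6.4, which is why versions are compared as integer tuples.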
- Bug Finder: John Blackbourn
- Profile on Patchstack
Handcrafted with Passion by Ebrahim Shafiei (EbraSha)
- E-Mail: Prof.Shafiei@Gmail.com
- Telegram: @ProfShafiei
If you encounter any issues or have configuration problems, please reach out via email at Prof.Shafiei@Gmail.com. You can also report issues on GitLab or GitHub.
This Proof of Concept (PoC) is provided for educational purposes only. Unauthorized use of this code on systems you do not own or have explicit permission to test is illegal and unethical. By using this PoC, you agree to take full responsibility for any misuse or damage that may result. The author disclaims all liability for actions taken based on the information provided in this repository. Always ensure you have proper authorization before conducting any security testing.