LiteSpeed Cache Privilege Escalation PoC – CVE-2024-28000 This repository contains a Proof of Concept (PoC) script for exploiting a privilege escalation vulnerability in the LiteSpeed Cache WordPress plugin. The vulnerability, identified as CVE-2024-28000, allows unauthenticated users to gain Administrator-level access to a WordPress site by brute-forcing a weak security hash used in the plugin. Vulnerability Overview The LiteSpeed Cache plugin's user simulation feature is protected by a weak security hash generated using predictable values. An attacker can exploit this vulnerability by brute-forcing the security hash and passing it in a cookie along with a targeted user ID. If successful, the attacker can escalate their privileges to that of an Administrator. Affected Versions LiteSpeed Cache plugin versions prior to 6.4 are vulnerable. Author PoC: Alucard0x1 Telegram: https://t.me/Alucard0x1 Credit Bug Founder: John Blackbourn Profile on Patchstack Disclaimer This PoC is for educational purposes only. Do not use this script to target systems without explicit permission from the system owner. Unauthorized access to systems is illegal and unethical. Requirements Python 3.x requests library Installation Clone the repository and install the required Python package: bash git clone https://github.com/Alucard0x1/CVE-2024-28000.git cd CVE-2024-28000 pip install -r requirements.txt How to Use 1. Set Up the Target Edit the TARGET_SITE and ADMIN_USER_ID variables in the…Read More