// CVE-2024-50550 · CVE-2024-44000 · 5M INSTALLS
LiteSpeed Cache compromise?
We clean it.
Two critical LiteSpeed Cache bugs in 2024 — unauth privilege escalation and session-hash leak. Five million installs. If yours was on a vulnerable version during the disclosure window, you need a forensic look. Flat $279.
§ 01 — TWO BUGS, BOTH BAD
What was vulnerable, what attackers did with it.
CVE-2024-44000 — the LiteSpeed Cache debug log captured the wordpress_logged_in cookie. If debug was enabled and the log file was reachable from the web, an attacker could lift session hashes and authenticate as any logged-in user, including administrators. Patched in 6.5.0.1.
CVE-2024-50550 — an unauthenticated privilege-escalation in the role-simulation feature used for crawler simulation. A weak hash allowed unauthenticated visitors to forge a session for any user ID. Patched in 6.5.2.
§ 02 — INDICATORS
What we look at.
[ DEBUG LOG ]
wp-content/litespeed/debug.log or any *.log under wp-content/litespeed/. Anything web-readable. If present and ever exposed, treat sessions as leaked.
[ ROLE SIM ]
wp_options entries with role-simulation hashes, and POSTs to LiteSpeed Cache REST endpoints from unfamiliar IPs in October 2024 onward.
[ USERS ]
New administrators created during the disclosure window. Sessions issued for admin users from unfamiliar geographies.
[ FILES ]
Recently-modified plugin/theme PHP files, fresh PHP in uploads, new mu-plugins.
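An added example for the [ DEBUG LOG ] indicator, not part of the original page or the service's own tooling: it flags access-log requests for *.log files under wp-content/litespeed/ that the web server actually served, and counts wordpress_logged_in cookie mentions in any such log on disk. The sample log lines, IPs and function names are constructed, and combined log format is assumed.

```python
import re
from pathlib import Path

# Combined-log-format request for any *.log under wp-content/litespeed/
LOG_HIT = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) (?P<path>[^\s?"]*/wp-content/litespeed/[^\s?"]*\.log)'
    r'(?:\?\S*)? [^"]*" (?P<status>\d{3}) '
)
# WordPress names the cookie wordpress_logged_in_<site hash>
COOKIE = re.compile(r'wordpress_logged_in\w*')

def exposed_log_fetches(access_lines):
    """Return (ip, timestamp, path) for log requests answered with 200 or 206."""
    hits = []
    for line in access_lines:
        m = LOG_HIT.match(line)
        if m and m['status'] in ('200', '206'):
            hits.append((m['ip'], m['ts'], m['path']))
    return hits

def logs_with_session_cookies(wp_root):
    """Return {relative path: cookie mentions} for *.log files under wp-content/litespeed/."""
    root = Path(wp_root)
    base = root / 'wp-content' / 'litespeed'
    if not base.is_dir():
        return {}
    found = {}
    for p in sorted(base.rglob('*.log')):
        n = len(COOKIE.findall(p.read_text(errors='replace')))
        if n:
            found[p.relative_to(root).as_posix()] = n
    return found

# Constructed sample lines (documentation-range IPs), not real traffic
SAMPLE_ACCESS = [
    '203.0.113.7 - - [21/Oct/2024:10:02:11 +0000] '
    '"GET /wp-content/litespeed/debug.log HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.9 - - [21/Oct/2024:10:05:40 +0000] '
    '"GET /wp-content/litespeed/debug.log HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [21/Oct/2024:10:06:02 +0000] '
    '"GET /wp-content/litespeed/css/a.css HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == '__main__':
    for ip, ts, path in exposed_log_fetches(SAMPLE_ACCESS):
        print(f'log served to {ip} at {ts}: {path}')
    print(logs_with_session_cookies('.'))
```

A served fetch combined with a non-zero cookie count is the case the page describes as "treat sessions as leaked"; a 403 on the same path means the request was blocked.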
§ PRICE
Flat $279. One-time. Per site.
[ RESCUE ]
$279
FLAT · ONE-TIME · PER SITE
Manual cleanup, attack vector identification, written forensic report. 30-day reinfection guarantee.
Start a cleanup →
[ SHIELD ]
$29 / mo
PER SITE · CANCEL ANYTIME
Continuous monitoring, hardening, one cleanup per year included.
Get protected →
Site compromised? Start an engagement.
Send us what you know. You get a triage and a fixed quote in return — no obligation.