Platform: wordpress
Component: litespeed-cache
Fixed in: 6.4.2
CVE-2024-47637 describes a Path Traversal vulnerability discovered in LiteSpeed Cache, a WordPress plugin. This vulnerability allows attackers to potentially read sensitive files on the server. Versions of LiteSpeed Cache prior to 6.4.1 are affected. A patch has been released in version 6.4.2.
The Path Traversal vulnerability in LiteSpeed Cache allows an attacker to bypass security restrictions and access files outside of the intended web root directory. By crafting malicious requests, an attacker could potentially read configuration files, source code, or other sensitive data stored on the server. This could lead to the exposure of credentials, API keys, or other confidential information. The blast radius extends to any data accessible by the web server user, potentially impacting the entire WordPress installation and any connected databases or services.
CVE-2024-47637 was publicly disclosed on 2024-10-16. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog at the time of writing. While no exploit is currently known, the ease of exploitation inherent in Path Traversal vulnerabilities suggests a potential for rapid exploitation once a proof-of-concept is developed.
Exploit Status
EPSS: 1.74% (82nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-47637 is to upgrade LiteSpeed Cache to version 6.4.2 or later. If immediate upgrading is not possible, implement a Web Application Firewall (WAF) to restrict access to sensitive files and directories. Configure the WAF to block requests containing path traversal sequences like ../. Additionally, review file permissions on the server to ensure that the web server user has only the necessary access rights. After upgrading, confirm the fix by attempting to access a known sensitive file via a crafted URL; access should be denied.
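A WAF rule that only matches the literal string `../` misses percent-encoded, double-encoded and backslash variants of the same sequence. The following is an added example (not code from the page or from LiteSpeed Technologies) of the decode-then-inspect check such a rule needs; the request lines are constructed samples with a hypothetical plugin path, not real LiteSpeed Cache endpoints.

```python
"""Flag HTTP requests carrying path traversal sequences, as a WAF rule would."""
import re
from urllib.parse import unquote

# Constructed sample request lines (hypothetical plugin path, not a real endpoint).
SAMPLE_REQUESTS = [
    "GET /wp-content/plugins/example/view.php?file=report.txt",
    "GET /wp-content/plugins/example/view.php?file=../../private/secret.txt",
    "GET /wp-content/plugins/example/view.php?file=..%2F..%2Fprivate%2Fsecret.txt",
    "GET /wp-content/plugins/example/view.php?file=%252e%252e%252fprivate/secret.txt",
    "GET /wp-content/plugins/example/view.php?file=..\\..\\private\\secret.txt",
    "GET /wp-content/plugins/example/view.php?file=archive..2024.txt",
]


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e) are unwrapped too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target: str) -> bool:
    """True if, after decoding, any path or query segment is exactly '..'.

    Backslashes are treated as separators; a NUL byte is flagged as well because
    it is used to truncate filenames in some file-open implementations.
    """
    decoded = fully_decode(target).replace("\\", "/")
    if "\x00" in decoded:
        return True
    segments = re.split(r"[/?&=;]", decoded)
    return any(seg == ".." for seg in segments)


def flag_requests(lines):
    """Return the request lines a traversal rule would block."""
    flagged = []
    for line in lines:
        parts = line.split(" ", 1)
        target = parts[1] if len(parts) == 2 else line
        if has_traversal(target):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("BLOCK", line)
```

The filename `archive..2024.txt` is deliberately left through: the check looks for a whole `..` segment rather than the substring, which keeps false positives down.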
Update the LiteSpeed Cache plugin to the latest available version. The Path Traversal vulnerability has been fixed in versions after 6.4.1. You can update the plugin directly from the WordPress admin panel.
CVE-2024-47637 is a Path Traversal vulnerability affecting LiteSpeed Cache versions up to 6.4.1, allowing attackers to potentially read sensitive files on the server.
Yes, if you are using LiteSpeed Cache version 6.4.1 or earlier, you are vulnerable to this Path Traversal vulnerability.
Upgrade LiteSpeed Cache to version 6.4.2 or later. Implement WAF rules to restrict file access as an interim measure.
Currently, there are no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists.
Refer to the official LiteSpeed Technologies security advisory for CVE-2024-47637 on their website.