CVE-2024-47637: 
WordPress vulnerability analysis and mitigation

A Relative Path Traversal vulnerability was discovered in LiteSpeed Technologies' LiteSpeed Cache plugin affecting versions through 6.4.1. The vulnerability was disclosed on October 16, 2024, and was assigned identifier CVE-2024-47637. This security issue affects the WordPress plugin LiteSpeed Cache and allows potential path traversal attacks (Patchstack, NVD).

The vulnerability has been classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-23 (Relative Path Traversal). It received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a serious security issue that requires low attack complexity and privileged access (NVD).

The path traversal vulnerability could potentially allow attackers to access files outside of intended directories, which could lead to unauthorized access to sensitive information or system files. The high CVSS score (8.8) indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (Patchstack).

The vulnerability has been fixed in version 6.5.1 of the LiteSpeed Cache plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).