Primary

Context

LiteSpeed User-End cPanel Plugin Privilege Escalation Vulnerability

Vulnerability

Patched

A privilege escalation vulnerability, potentially leading to root access, has been identified in the LiteSpeed User-End cPanel Plugin versions prior to 2.4.5. This vulnerability was actively exploited in May 2026. The issue arises from improper handling of Redis cache management features, allowing unauthorized users to gain elevated privileges. The LiteSpeed WHM Plugin, which is the parent plugin, does not have this vulnerability.

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized privileges, potentially escalating to root access.

Added: May 21, 2026, 2:20 AM

Updated: May 21, 2026, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

0.0

relevance

9.0

threat

0.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

0.0

relevance

9.0

threat

0.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LiteSpeed User-End cPanel Plugin Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

LiteSpeed User-End cPanel Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating