Thursday, December 5, 2024
Homecyber securityCritical Flaw in LiteSpeed Cache WordPress Plugin Exposes Millions of Websites to...

Critical Flaw in LiteSpeed Cache WordPress Plugin Exposes Millions of Websites to Attack

Published on

SIEM as a Service

The Researcher team has identified and patched a critical privilege escalation vulnerability in the LiteSpeed Cache plugin.

This plugin, installed on over 5 million WordPress sites, was susceptible to attacks that could allow unauthenticated users to gain administrative access.

The vulnerability, identified as CVE-2024-28000, has been fixed in the latest version, 6.4.1, and users are urged to update immediately.

- Advertisement - SIEM as a Service

CVE-2024-28000 – The Vulnerability

The vulnerability in question affected all versions of the LiteSpeed Cache plugin up to 6.3.0.1. It was discovered that the plugin did not properly restrict the role simulation functionality.

This flaw allowed unauthenticated attackers to spoof their user IDs, potentially register as administrative-level users, and take over WordPress sites.

Technical Details

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

The vulnerability was rooted in the plugin’s handling of user emulation through its “Crawler Simulation Settings.”

This feature was insecurely implemented. It was designed to allow the plugin to crawl and cache pages as specific authenticated users. The core issue lay in the async_litespeed_handler() function, which lacked proper capability or nonce checks.

This oversight enabled users to trigger the function and generate a $hash value stored in the options table. This $hash could then be used to spoof user IDs.

Wordfence has issued a firewall rule to protect its Premium, Care, and Response users against this vulnerability as of August 20th, 2024.

Free users will receive this protection on September 19th, 2024. Given the critical nature of this vulnerability, it is imperative for all users of the LiteSpeed Cache plugin to update to version 6.4.1 or later immediately.

For those managing WordPress sites, it is also advisable to regularly review and update all plugins and themes to their latest versions to mitigate potential security risks.

This vulnerability highlights the ongoing need for vigilance in web security, especially for widely used plugins like LiteSpeed Cache.

The swift action by Wordfence and the WordPress community underscores the importance of collaborative efforts in maintaining a secure web environment.

Users are encouraged to remain proactive in updating their sites and sharing security advisories with others to prevent exploitation.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...