Saturday, September 7, 2024
Homecyber securityCritical Flaw in LiteSpeed Cache WordPress Plugin Exposes Millions of Websites to...

Critical Flaw in LiteSpeed Cache WordPress Plugin Exposes Millions of Websites to Attack

Published on

The Researcher team has identified and patched a critical privilege escalation vulnerability in the LiteSpeed Cache plugin.

This plugin, installed on over 5 million WordPress sites, was susceptible to attacks that could allow unauthenticated users to gain administrative access.

The vulnerability, identified as CVE-2024-28000, has been fixed in the latest version, 6.4.1, and users are urged to update immediately.

- Advertisement - EHA

CVE-2024-28000 – The Vulnerability

The vulnerability in question affected all versions of the LiteSpeed Cache plugin up to 6.3.0.1. It was discovered that the plugin did not properly restrict the role simulation functionality.

This flaw allowed unauthenticated attackers to spoof their user IDs, potentially register as administrative-level users, and take over WordPress sites.

Technical Details

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

The vulnerability was rooted in the plugin’s handling of user emulation through its “Crawler Simulation Settings.”

This feature was insecurely implemented. It was designed to allow the plugin to crawl and cache pages as specific authenticated users. The core issue lay in the async_litespeed_handler() function, which lacked proper capability or nonce checks.

This oversight enabled users to trigger the function and generate a $hash value stored in the options table. This $hash could then be used to spoof user IDs.

Wordfence has issued a firewall rule to protect its Premium, Care, and Response users against this vulnerability as of August 20th, 2024.

Free users will receive this protection on September 19th, 2024. Given the critical nature of this vulnerability, it is imperative for all users of the LiteSpeed Cache plugin to update to version 6.4.1 or later immediately.

For those managing WordPress sites, it is also advisable to regularly review and update all plugins and themes to their latest versions to mitigate potential security risks.

This vulnerability highlights the ongoing need for vigilance in web security, especially for widely used plugins like LiteSpeed Cache.

The swift action by Wordfence and the WordPress community underscores the importance of collaborative efforts in maintaining a secure web environment.

Users are encouraged to remain proactive in updating their sites and sharing security advisories with others to prevent exploitation.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...