Are you running a WordPress site with the LiteSpeed Cache
plugin? Your site could be exposed to a serious security risk. Millions of
websites may be at risk of takeover due to a critical vulnerability found in
this popular plugin.

LiteSpeed Cache is a widely used plugin designed to improve
website performance by caching content. With over 5 million active
installations, it’s a go-to tool for many WordPress users. However, a recent
discovery by security researcher John Blackbourn revealed a critical flaw that
could allow attackers to gain administrator access to WordPress sites without
needing to log in.

The vulnerability, tracked as CVE-2024-28000, is a privilege
escalation flaw. This means that an attacker can elevate their access level,
giving them administrator privileges, which could allow them to take complete
control of a targeted site. The discovery was responsibly reported through the
bug bounty program run by WordPress security firm Patchstack, earning
Blackbourn a reward of $14,400 for identifying the issue.

After being notified of the vulnerability on August 5, the
developers of LiteSpeed Cache acted quickly and released a patched version
(6.4) on August 13. However, while the patch is available, not all users have
updated their plugins. Data from WordPress.org shows that around 3 million
users have downloaded the update since its release, leaving approximately 2
million websites still exposed to potential attacks.

What makes this vulnerability particularly concerning is how
it operates. The flaw lies in a plugin feature that simulates user
actions and is protected by a weak security hash. This hash uses known
values, making it easier for attackers to crack. An attacker who obtains this
hash can create a new user account with administrator privileges. This
would enable them to deploy malware or make other malicious changes to the
site.

The situation is further complicated by the fact that the
security hash only has 1 million possible values, making it susceptible to
brute-force attacks. Patchstack estimates that such an attack could take
anywhere from a few hours to a week to succeed. Additionally, if the site has
debugging mode enabled, the hash might be leaked in logs, providing another
potential attack vector.

While this vulnerability may not be easy to exploit on a
large scale, Patchstack CEO Oliver Sild warns that it could be used in targeted
attacks. For hackers looking to take over a specific website, this flaw
provides a relatively straightforward method to gain full access. Defiant,
another WordPress security firm, has echoed these concerns, stating that they
expect the vulnerability to be actively exploited soon.

If you’re using the LiteSpeed Cache plugin, it’s crucial to
update to the latest version immediately. Keeping your plugins up to date is a
critical step in securing your website and protecting it from potential
threats.
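
For anyone responsible for more than one site, here is an added example (not from the article, Patchstack or the plugin's developers) that walks a directory of WordPress installs and reports each LiteSpeed Cache copy older than the patched 6.4 release, along with any debug log left on disk. The plugin file path, the `wp-content/debug.log` location and the sample installs are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = "6.4"  # patched release named in the article
# Assumptions (not from the article): plugin main-file path and a debug log path.
PLUGIN_FILE = "wp-content/plugins/litespeed-cache/litespeed-cache.php"
DEBUG_LOG = "wp-content/debug.log"

def parse_version(php_source):
    """Return the 'Version:' value from a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None

def version_key(version):
    """Leading dotted number as a tuple, so 6.10 > 6.4 and 6.3.0.1 < 6.4."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(n) for n in m.group(0).split(".")) if m else (0,)

def audit(root):
    """Return one finding per install of the plugin found under root."""
    findings = []
    for plugin in sorted(Path(root).rglob(PLUGIN_FILE)):
        site = plugin.parents[3]  # directory that contains wp-content/
        version = parse_version(plugin.read_text(errors="replace")[:8192])
        findings.append({
            "site": site.name,
            "version": version,
            # An unreadable header is reported as vulnerable so it gets reviewed.
            "vulnerable": version is None
                          or version_key(version) < version_key(FIXED),
            "debug_log": (site / DEBUG_LOG).is_file(),
        })
    return findings

def build_sample_tree(root, installs):
    """Constructed sample data: fake installs with a minimal plugin header."""
    for name, (version, with_log) in installs.items():
        plugin = Path(root) / name / PLUGIN_FILE
        plugin.parent.mkdir(parents=True)
        plugin.write_text(f"<?php\n/**\n * Version: {version}\n */\n")
        if with_log:
            (Path(root) / name / DEBUG_LOG).write_text("constructed line\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, {"shop": ("6.3.0.1", True), "blog": ("6.4", False)})
        for finding in audit(tmp):
            print(finding)
```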