A critical security vulnerability (CVE-2024-28000 [1], CVSS 9.8) has been disclosed in the widely used LiteSpeed Cache plugin for WordPress [1], affecting over 5,000,000 sites [2].
Description
This flaw allows unauthenticated attackers to gain administrative access by spoofing their user ID through manipulation of a hashed value stored in the database [1]. Attackers can exploit this vulnerability to create new administrative user accounts and take control of affected sites [1]. The vulnerability was present in all versions up to 6.3.0.1 [2] and stems from an insecure implementation of the plugin's role simulation functionality [2].

The security update in version 6.4 of the plugin addresses this vulnerability by enhancing the security hash with increased complexity and stricter validation procedures. The $hash value [1], previously vulnerable to brute-force attacks because its limited length allowed only a small number of possible combinations, is now more secure.

Users are advised to update to the latest patched version, 6.4.1 [2], to mitigate the risk of exploitation [1] [2]. Additionally, site admins should check for unrecognized admin accounts and make specific changes in the router.cls.php file [3]. Hosting providers can implement temporary solutions such as mod_sec rules or rewrite rules [3]. Wordfence users received protection against exploits targeting this vulnerability [2], with free version users receiving the same protection 30 days later [2]. Keeping the plugin up to date is recommended to ensure protection against this critical vulnerability, and debugging should be disabled on production sites to minimize the risk of exploitation.
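The following is an added illustration, not code from LiteSpeed Cache or from the cited advisories, of the general weakness the description names: a security hash with limited length and few possible combinations can be enumerated, whereas a token drawn from a large keyspace and checked with stricter validation cannot. The weak generator and the 6-digit size are constructed stand-ins for the pattern, not the plugin's actual implementation; the function names are assumptions.

```php
<?php
// Added illustration (not LiteSpeed Cache code): why a short, small-keyspace
// "security hash" is brute-forceable and what a hardened token looks like.

// Constructed stand-in for a weak token: 6 decimal digits, so at most
// 1,000,000 distinct values. Not the plugin's actual generator.
function weak_role_token(): string {
    return str_pad((string) mt_rand(0, 999999), 6, '0', STR_PAD_LEFT);
}

// Number of distinct tokens of $length symbols over an alphabet of
// $alphabet_size symbols. Large results overflow PHP int and become float.
function keyspace(int $alphabet_size, int $length): float {
    return $alphabet_size ** $length;
}

// Hardened token: 32 bytes from the CSPRNG, hex-encoded (64 chars, 2^256 values).
function strong_role_token(): string {
    return bin2hex(random_bytes(32));
}

// Stricter validation: reject anything of the wrong shape before comparing,
// compare in constant time, and bound the token's lifetime. $stored is the
// persisted token; $expires_at is the Unix timestamp persisted alongside it.
function validate_role_token(string $presented, string $stored, int $expires_at, int $now): bool {
    if ($now >= $expires_at) {
        return false;                            // expired token
    }
    if (strlen($presented) !== 64 || !ctype_xdigit($presented)) {
        return false;                            // wrong length or alphabet
    }
    return hash_equals($stored, $presented);     // constant-time comparison
}

// Compare the two keyspaces: 10^6 versus 16^64.
printf("weak keyspace:   %.0f\n", keyspace(10, 6));
printf("strong keyspace: %.3e\n", keyspace(16, 64));

// Round trip with the hardened token and a one-hour lifetime.
$token = strong_role_token();
$issued = time();
var_dump(validate_role_token($token, $token, $issued + 3600, $issued));         // bool(true)
var_dump(validate_role_token($token, $token, $issued + 3600, $issued + 7200));  // bool(false): expired
var_dump(validate_role_token('000000', $token, $issued + 3600, $issued));       // bool(false): wrong shape
```

The shape check before `hash_equals` matters because `hash_equals` only guarantees constant time when both strings have the same length; rejecting malformed input first avoids leaking a length difference. Binding the token to an expiry, and regenerating it on each use, limits how long an enumerated value would remain valid even if the keyspace were small.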
Conclusion
It is crucial for users to update to the latest patched version, 6.4.1, to mitigate the risk of exploitation [1] [2]. Site admins should also take the necessary precautions to secure their sites, and hosting providers can implement temporary solutions. Wordfence users are already protected, but all users should keep their plugins up to date to ensure protection against this critical vulnerability.
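As an added example of the "check for unrecognized admin accounts" step, not code from the advisories or the plugin, the following PHP flags administrator accounts that are absent from an operator-maintained allowlist or were registered after a chosen cutoff date. In WordPress the `$admins` array would come from `get_users(['role' => 'administrator'])`; here it is constructed sample data, and the cutoff date is an operator choice, not a value from the page.

```php
<?php
// Added example (not from the advisories or LiteSpeed Cache): audit
// administrator accounts against an allowlist and a registration cutoff.

// Returns [login => [reasons...]] for every admin that looks unrecognized.
function unrecognized_admins(array $admins, array $known_logins, string $cutoff): array {
    $cutoff_ts = strtotime($cutoff);
    $flagged = [];
    foreach ($admins as $u) {
        $reasons = [];
        if (!in_array($u['user_login'], $known_logins, true)) {
            $reasons[] = 'not in allowlist';
        }
        if (strtotime($u['user_registered']) >= $cutoff_ts) {
            $reasons[] = 'registered on or after cutoff';
        }
        if ($reasons) {
            $flagged[$u['user_login']] = $reasons;
        }
    }
    return $flagged;
}

// Constructed sample: the fields mirror what get_users() exposes on WP_User.
$admins = [
    ['user_login' => 'alice',      'user_email' => 'alice@example.com', 'user_registered' => '2021-03-10 09:12:00'],
    ['user_login' => 'bob',        'user_email' => 'bob@example.com',   'user_registered' => '2022-07-01 14:00:00'],
    ['user_login' => 'newadmin01', 'user_email' => 'x@example.net',     'user_registered' => '2024-08-21 03:41:17'],
];
$known_logins = ['alice', 'bob'];   // maintained by the site operator
$cutoff       = '2024-08-01';       // operator-chosen review window start

foreach (unrecognized_admins($admins, $known_logins, $cutoff) as $login => $reasons) {
    echo "$login: " . implode(', ', $reasons) . "\n";
}
// Expected: newadmin01: not in allowlist, registered on or after cutoff
```

Any flagged account should be verified with the site's owners before removal; an account created by an attacker would typically be removed, its sessions destroyed, and all remaining administrator passwords rotated, in addition to applying the 6.4.1 update.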
References
[1] https://securityonline.info/cve-2024-28000-active-exploitation-litespeed-cache-vulnerability/
[2] https://www.wordfence.com/blog/2024/08/over-5000000-site-owners-affected-by-critical-privilege-escalation-vulnerability-patched-in-litespeed-cache-plugin/
[3] https://blog.litespeedtech.com/2024/08/21/security-update-for-litespeed-cache/