WordPress administrators using the LiteSpeed Cache plugin should update their sites to the latest plugin version to address a critical vulnerability. By exploiting the flaw, an unauthenticated attacker can take control of target websites.
A vulnerability in the LiteSpeed Cache Plugin could result in site takeover
Security researcher John Blackbourn of Patchstack discovered a critical privilege escalation vulnerability in the LiteSpeed Cache plugin.
LiteSpeed Cache for WordPress offers server-level caching and numerous site optimization features. With over 5 million active installs, the plugin is widely used, which also means that any vulnerability in it potentially threatens millions of websites.
Specifically, the vulnerability existed in the plugin's crawler feature, which includes a user-simulation function that executes crawler requests as authenticated users. Because this feature relied on a weak security hash, an unauthenticated adversary could spoof a verified user and gain elevated site privileges. In the worst case, exploitation allowed the installation of malicious plugins and a complete takeover of the site.
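The root cause described above is a token that a server uses to decide "this request may act as user X" but that an outsider can reproduce. The following PHP is an added illustration, not LiteSpeed Cache's code and not a description of how its hash was actually built: it contrasts a constructed weak pattern (a short token derived from low-entropy, guessable inputs) with the hardened form a plugin should use, namely a secret generated once with a CSPRNG, an HMAC over the identity and an expiry, and a constant-time comparison on verification. The function names and the in-memory `$secret` are assumptions for the demo; a real plugin would persist the secret server-side (for example in `wp_options` via `update_option()`).

```php
<?php
// Added illustration (not LiteSpeed Cache code): how a "trusted request" token
// that lets a crawler act as a logged-in user should and should not be built.
declare(strict_types=1);

// --- Weak pattern (constructed for contrast; do not use) -------------------
// Everything that feeds this token is either public (the user ID) or guessable
// (today's date), and only 6 hex characters are kept. Nothing here proves the
// server minted the token, so it cannot authenticate anyone.
function weak_token(int $user_id): string
{
    return substr(md5((string) $user_id . date('Ymd')), 0, 6);
}

// --- Hardened pattern --------------------------------------------------------
// 1. The secret comes from a CSPRNG and never leaves the server.
// 2. A token is an HMAC over the identity it vouches for plus an expiry, so it
//    cannot be minted without the secret and does not stay valid forever.
// 3. Verification uses hash_equals() to avoid a timing side channel.
function new_server_secret(): string
{
    return bin2hex(random_bytes(32)); // 256 bits of CSPRNG output
}

function issue_token(string $secret, int $user_id, int $expires_at): string
{
    $payload = $user_id . '|' . $expires_at;
    $mac = hash_hmac('sha256', $payload, $secret);
    return base64_encode($payload . '|' . $mac);
}

// Returns the user ID the token vouches for, or null if it is malformed,
// expired, forged, or tampered with.
function verify_token(string $secret, string $token, int $now): ?int
{
    $decoded = base64_decode($token, true);
    if ($decoded === false) {
        return null;
    }
    $parts = explode('|', $decoded);
    if (count($parts) !== 3) {
        return null;
    }
    [$user_id, $expires_at, $mac] = $parts;
    if (!ctype_digit($user_id) || !ctype_digit($expires_at)) {
        return null;
    }
    if ((int) $expires_at < $now) {
        return null; // expired
    }
    $expected = hash_hmac('sha256', $user_id . '|' . $expires_at, $secret);
    if (!hash_equals($expected, $mac)) {
        return null; // forged, or payload altered after signing
    }
    return (int) $user_id;
}

// Demo with a constructed in-memory secret (a plugin would persist it).
$secret = new_server_secret();
$now = time();
$token = issue_token($secret, 1, $now + 300);

echo "weak token for user 1: ", weak_token(1), PHP_EOL;
echo "valid token   -> user ", var_export(verify_token($secret, $token, $now), true), PHP_EOL;
echo "wrong secret  -> ", var_export(verify_token(new_server_secret(), $token, $now), true), PHP_EOL;
echo "after expiry  -> ", var_export(verify_token($secret, $token, $now + 600), true), PHP_EOL;
```

The design point is that the weak token's strength depends on how hard it is to guess its inputs, whereas the HMAC token's strength depends only on the secrecy of a 256-bit key; rotating that key invalidates every outstanding token at once, which is the response a site owner wants after a compromise.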
This vulnerability, identified as CVE-2024-28000, received a critical severity rating and a CVSS score of 9.8. It affected all plugin releases up to 6.3.0.1.
Detailed technical analysis of the vulnerability is available from Patchstack.
Vulnerability fixed with the latest release of the plugin
When Blackbourn found the vulnerability, he responsibly disclosed it to the plugin developers via Patchstack. In response, the developers patched it in LiteSpeed Cache plugin version 6.4. The researcher also received a $14,400 bounty under the Patchstack Zero Day program for this bug report.
Now that the patch is available, all WordPress administrators should update their sites to the latest plugin release to avoid potential threats. Ideally, users should update to version 6.4.1 of the LiteSpeed Cache plugin, which appears as the latest release on the plugin's official page.
Let us know your thoughts in the comments.