LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
By Deeba Ahmed
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress site today!
This is a post from HackRead.com.
WordPress websites have been under attack lately, with a surge of malicious JavaScript being injected through vulnerable versions of the LiteSpeed Cache plugin, according to WPScan, Automattic’s security team.
As of 2024, there are over 1.89 billion websites on the internet, with around 835 million relying on WordPress as their Content Management System (CMS), constituting approximately 43.3% of the total number of websites worldwide. This makes the CMS a lucrative target for cyber criminals.
According to WPScan’s blog post, threat actors are exploiting a stored cross-site scripting (XSS) vulnerability in the plugin that allows an unauthenticated user to elevate privileges through specially crafted HTTP requests. LiteSpeed Cache plugin versions older than 5.7.0.1 are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000 and disclosed by Patchstack in February 2024.
**Understanding the Vulnerability**
The vulnerability lies in unauthenticated stored XSS (cross-site scripting) within older versions of the plugin. Unauthenticated XSS means an attacker doesn’t need login credentials to inject malicious code.
Stored XSS, on the other hand, means the malicious code gets stored in your website’s database, infecting any user who visits the compromised page. By exploiting this flaw, attackers are injecting malicious JavaScript code into WordPress files and the database and creating administrator users named ‘wpsupp‑user’ or ‘wp‑configuser’.
You can identify malicious URLs and IPs as they generally include startservicefounds[.]com/service/f.php, apistartservicefounds[.]com, and cachecloudswiftcdn[.]com, and the malware-associated IP was tracked as 45.150.67.235.
**Potential Dangers**
LiteSpeed Cache is a popular plugin, used in over five million WordPress sites for its Google Search ranking-boosting capabilities. The flaw was addressed in October 2023 in version 5.7.0.1 while the latest version, 6.2.0.1, was released on April 25, 2024. However, despite migration to non-vulnerable versions, 1,835,000 users still run vulnerable releases, indicating infection, researchers noted.
Creating admin accounts on WordPress sites can lead to severe consequences, allowing threat actors to gain full control and perform arbitrary actions, such as injecting malware or installing malicious plugins. Exercise Caution!
This development comes after Sucuri revealed a redirect scam campaign called Mal.Metrica, which uses fake CAPTCHA prompts to redirect users to fraudulent sites.
To secure your WordPress site, update the LiteSpeed Cache plugin to the latest version, scan for malware using a reputable WordPress security scanner, and change all login credentials. WPScan recommends searching for suspicious strings in the litespeed.admin_display.messages option and checking for the presence of the wpsupp-user account.
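The checks WPScan recommends above, as an added example (not code from WPScan, HackRead or LiteSpeed): a Python scan over rows exported from `wp_options` and a list of user logins, using only the indicators named in this article. The function names, the script-content heuristic and the sample rows are assumptions constructed for illustration.

```python
import re

# Indicators and account names as reported in the article above.
IOC_HOSTS = ("startservicefounds.com", "apistartservicefounds.com",
             "cachecloudswiftcdn.com", "45.150.67.235")
ROGUE_ADMINS = {"wpsupp-user", "wp-configuser"}
OPTION_NAME = "litespeed.admin_display.messages"
# Assumption: admin notices are plain HTML, so script-like content is suspect.
SCRIPT_RE = re.compile(r"<\s*script|javascript:|eval\s*\(|atob\s*\(", re.I)

def normalize(text):
    """Undo defanging and non-breaking hyphens so indicators compare equal."""
    return text.replace("[.]", ".").replace("\u2011", "-").lower()

def scan_options(rows):
    """rows: (option_name, option_value) pairs exported from wp_options."""
    findings = []
    for name, value in rows:
        value = normalize(value)
        hits = [h for h in IOC_HOSTS if h in value]
        if name == OPTION_NAME and SCRIPT_RE.search(value):
            hits.append("script content")
        if hits:
            findings.append((name, hits))
    return findings

def scan_users(logins):
    """Return the rogue administrator names present among the given logins."""
    return sorted({normalize(login.strip()) for login in logins} & ROGUE_ADMINS)

# Constructed sample rows (not real data); the indicator is kept defanged.
SAMPLE_OPTIONS = [
    ("siteurl", "https://blog.example.test"),
    ("blogname", "Example Blog"),
    (OPTION_NAME, '["<div>Purged all caches.</div>",'
                  '"<script src=hxxps://cachecloudswiftcdn[.]com/></script>"]'),
]
SAMPLE_LOGINS = ["admin", "editor1", "wpsupp\u2011user"]

if __name__ == "__main__":
    for name, hits in scan_options(SAMPLE_OPTIONS):
        print(f"[!] option {name}: {', '.join(hits)}")
    for login in scan_users(SAMPLE_LOGINS):
        print(f"[!] unexpected administrator account: {login}")
```

A hit on either check is a reason to treat the site as compromised and follow the update, scan and credential-rotation steps above, not proof of how the injection happened.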