Security
Headlines
HeadlinesLatestCVEs

Headline

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

The Hacker News
#vulnerability#web#wordpress#php#auth#The Hacker News

Vulnerability / Website Security

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions.

The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain administrator level access after which malicious plugins could be uploaded and installed,” Patchstack security researcher Rafie Muhammad said in an analysis.

LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It’s installed on over six million sites.

The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8).

It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator.

However, a successful exploitation banks on the following plugin configuration -

  • Crawler -> General Settings -> Crawler: ON
  • Crawler -> General Settings -> Run Duration: 2500 – 4000
  • Crawler -> General Settings -> Interval Between Runs: 2500 – 4000
  • Crawler -> General Settings -> Server Load Limit: 0
  • Crawler -> Simulation Settings -> Role Simulation: 1 (ID of user with administrator role)
  • Crawler -> Summary -> Activate: Turn every row to OFF except Administrator

The patch put in place by LiteSpeed removes the role simulation process and updates the hash generation step using a random value generator to avoid limiting the hashes to 1 million possibilities.

“This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces,” Muhammad said.

“The rand() and mt_rand() functions in PHP return values that may be ‘random enough’ for many use cases, but they are not unpredictable enough to be used in security-related features, especially if mt_srand is used in a limited possibility.”

CVE-2024-50550 is the third security flaw to be disclosed in LiteSpeed within the last two months, the other two being CVE-2024-44000 (CVSS score: 7.5) and CVE-2024-47374 (CVSS score: 7.2).

The development comes weeks after Patchstack detailed two critical flaws in Ultimate Membership Pro that could result in privilege escalation and code execution. But the shortcomings have been addressed in version 12.8 and later.

  • CVE-2024-43240 (CVSS score: 9.4) - An unauthenticated privilege escalation vulnerability that could allow an attacker to register for any membership level and gain the attached role for it

  • CVE-2024-43242 (CVSS score: 9.0) - An unauthenticated PHP object injection vulnerability that could allow an attacker to execute arbitrary code.

Patchstack is also warning that the ongoing legal drama between WordPress’ parent Automattic and WP Engine has prompted some developers to abandon the WordPress.org repository, necessitating that users monitor appropriate communication channels to ensure they are receiving the latest information about possible plugin closures and security issues.

“Users who fail to manually install plugins removed from the WordPress.org repository risk not receiving new updates which can include important security fixes,” Patchstack CEO Oliver Sild said. “This can leave websites exposed to hackers who commonly exploit known vulnerabilities and may take advantage over such situations.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It's enough to make you want to chuck your phone in the ocean.

Single HTTP Request Can Exploit 6M WordPress Sites

The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw.

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and