Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access


The Hacker News

Website Security / Vulnerability

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed,” Patchstack’s Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin up to and including 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.

In a nutshell, CVE-2024-28000 makes it possible for an unauthenticated attacker to spoof their user ID and register as an administrative-level user, effectively granting them privileges to take over a vulnerable WordPress site.

The vulnerability is rooted in the plugin's user simulation feature, which uses a weak security hash generated with a trivially guessable random number as the seed.

Specifically, there are only one million possible values for the security hash because the random number generator is seeded from the microsecond portion of the current time. What’s more, the random number generator is not cryptographically secure, and the generated hash is neither salted nor tied to a particular request or user.
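The following added example (not code from the plugin or from the article) shows why a microsecond-seeded token carries about 20 bits of entropy regardless of its format, next to a token that is random, keyed, and bound to a user and request. The alphabet, the 6-character length, the `|` message layout and Python's `random` as a stand-in for the plugin's generator are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed alphabet
SEED_SPACE = 1_000_000  # microsecond field of a timestamp: 0..999999


def weak_token(microseconds: int, length: int = 6) -> str:
    """Token from a non-cryptographic PRNG seeded only with microseconds."""
    rng = random.Random(microseconds)  # same seed always yields the same token
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = 6) -> float:
    """Entropy the token format appears to offer."""
    return length * math.log2(len(ALPHABET))


def effective_bits() -> float:
    """Real entropy: capped by the number of possible seeds."""
    return math.log2(SEED_SPACE)


def _mac(key: bytes, user_id: int, request_id: str, nonce: str) -> str:
    msg = f"{user_id}|{request_id}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def strong_token(key: bytes, user_id: int, request_id: str) -> str:
    """CSPRNG nonce plus a keyed MAC binding the token to user and request."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(key, user_id, request_id, nonce)}"


def verify_strong(key: bytes, user_id: int, request_id: str, token: str) -> bool:
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac, _mac(key, user_id, request_id, nonce))


if __name__ == "__main__":
    print(f"nominal {nominal_bits():.1f} bits, effective {effective_bits():.1f} bits")
    key = secrets.token_bytes(32)  # server-side secret, constructed here
    tok = strong_token(key, 42, "req-1")
    print(verify_strong(key, 42, "req-1", tok), verify_strong(key, 1, "req-1", tok))
```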

“This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash which can be found in the debug logs or through brute force,” Wordfence said in its own alert.

“This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the /wp-json/wp/v2/users REST API endpoint.”
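For sites that ran an affected version, one way to review web server logs for the account-creation step described above is sketched below as an added example (not from the article or either vendor). It assumes the common/combined access log format, uses a constructed sample log, and relies on the WordPress REST API answering a successful create with HTTP 201; the burst threshold is an arbitrary illustrative value.

```python
import re
from collections import Counter

USERS_ENDPOINT = "/wp-json/wp/v2/users"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample access log (documentation-range IPs, made-up times).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [22/Aug/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [22/Aug/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [22/Aug/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [22/Aug/2024:10:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 640
198.51.100.30 - - [22/Aug/2024:10:00:04 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 401 120
203.0.113.7 - - [22/Aug/2024:10:00:05 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 890
"""


def flag_user_creation(log_text: str, burst_threshold: int = 3) -> list:
    """Return successful user creations via the REST endpoint, with context."""
    seen = Counter()  # requests observed so far, per client IP
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        path = m["path"].split("?", 1)[0].rstrip("/")
        created = (m["method"] == "POST" and path == USERS_ENDPOINT
                   and m["status"] == "201")  # 201 = account was created
        if created:
            findings.append({
                "ip": ip,
                "time": m["ts"],
                "prior_requests": seen[ip],
                # many earlier requests from the same client fits guessing
                "burst": seen[ip] >= burst_threshold,
            })
        seen[ip] += 1
    return findings


if __name__ == "__main__":
    for f in flag_user_creation(SAMPLE_LOG):
        print(f)
```

Each finding should be matched against known administrator activity and the site's user list, since legitimate tooling can also create users through this endpoint.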

It’s important to note that the vulnerability cannot be exploited on Windows-based WordPress installations because the hash generation function relies on a PHP function called sys_getloadavg() that’s not implemented on Windows.

“This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces,” Muhammad said.

With a previously disclosed flaw in LiteSpeed Cache (CVE-2023-40000, CVSS score: 8.3) exploited by malicious actors, it’s imperative that users move quickly to update their instances to the latest version.
