A new flaw was found, granting threat actors full access to vulnerable websites.
Security researchers have found yet another critical vulnerability in the LiteSpeed Cache plugin for WordPress that allows threat actors to take over websites.
Four months after patching an unauthenticated cross-site scripting flaw, the popular optimization plugin was found vulnerable to a bug described as an “unauthenticated account takeover vulnerability”. In other words, an unauthenticated malicious visitor could abuse the hole to gain access to the account of any logged-in user, including admin accounts. That, as you may presume, grants the attacker full access to the website to do with it as they please.
The bug is tracked as CVE-2024-44000, and carries a severity score of 7.5. Version 6.4.1, and all versions before, were said to be vulnerable. A patch has been deployed which brings LiteSpeed Cache to version 6.5.0.1, and users are advised to install it as soon as possible.
Low severity score
Describing how the flaw works, researchers from Patchstack said that LiteSpeed Cache has kept the debug.log file publicly exposed, allowing unauthenticated individuals to view sensitive information found inside. Besides login credentials, the file includes cookie information from HTTP response headers, and more.
The flaw was given a relatively low severity score since the debug feature must be enabled on WordPress for the flaw to be abusable. It is disabled by default.
“This vulnerability highlights the critical importance of ensuring the security of performing a debug log process, what data should not be logged, and how the debug log file is managed,” Patchstack explained.
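For site owners checking whether a debug log of this kind captured session cookies, the following is an added example (not code from Patchstack, LiteSpeed or the original article): it redacts WordPress authentication cookies found in logged Set-Cookie headers and reports which users had a cookie that was still unexpired. The log line layout and all sample values are constructed assumptions; the cookie names and the `username|expiration|token|hmac` value layout follow WordPress core.

```python
import re
from urllib.parse import unquote

# WordPress core auth cookie names: wordpress_<hash>, wordpress_sec_<hash>,
# wordpress_logged_in_<hash>, where <hash> is a 32-hex-digit site hash.
AUTH_NAME = re.compile(r"^wordpress_(?:sec_|logged_in_)?[0-9a-f]{32}$")
SET_COOKIE = re.compile(r"(?i)(set-cookie:\s*)([^=;\s]+)=([^;\s]*)")


def audit_log(lines, now):
    """Redact auth cookie values and report whose sessions were exposed.

    Returns (redacted_lines, findings); findings maps username to True when at
    least one logged cookie for that user had not expired at `now` (Unix time).
    """
    findings = {}

    def scrub(match):
        prefix, name, value = match.groups()
        if not AUTH_NAME.match(name):
            return match.group(0)  # e.g. wordpress_test_cookie: not a session
        # Auth cookie value layout: username|expiration|token|hmac (URL-encoded)
        parts = unquote(value).split("|")
        user = parts[0] if len(parts) >= 3 and parts[0] else "<unknown>"
        expiry = int(parts[1]) if len(parts) >= 3 and parts[1].isdigit() else 0
        findings[user] = findings.get(user, False) or expiry > now
        return f"{prefix}{name}=[REDACTED]"

    return [SET_COOKIE.sub(scrub, line) for line in lines], findings


# Constructed sample lines; the real debug.log layout is an assumption here.
H = "0123456789abcdef0123456789abcdef"
SAMPLE = [
    "09/05/24 10:00:01 [Header] Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/",
    f"09/05/24 10:00:02 [Header] Set-Cookie: wordpress_logged_in_{H}=admin%7C1900000000%7CtokA%7ChmacA; path=/; HttpOnly",
    f"09/05/24 10:00:03 [Header] set-cookie: wordpress_sec_{H}=editor%7C1600000000%7CtokB%7ChmacB; path=/wp-admin",
    "09/05/24 10:00:04 [Cache] page served from cache",
]

if __name__ == "__main__":
    clean, exposed = audit_log(SAMPLE, now=1725530000)
    print("\n".join(clean))
    for user, live in sorted(exposed.items()):
        print(f"{user}: {'still valid, invalidate sessions' if live else 'expired'}")
```

Any user reported as still valid should have their sessions invalidated after the plugin is updated and the old log is purged.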
LiteSpeed Cache is a plugin for the website builder WordPress promising faster page load times, better user experience, and improved Google Search Results Page positions. It is designed to improve website performance by reducing page load times, which it achieves by storing static versions of dynamic content. When a user requests a page, LSCache serves the cached version, minimizing the need for the server to regenerate the page repeatedly. This results in faster response times and reduced server load.
Update
Wordfence has revealed that exploitation attempts against the flaw are already in full swing, stating it “blocked 58,952 attacks targeting this vulnerability in the past 24 hours.”