A vulnerability in the LiteSpeed Cache plugin for WordPress, which has over 6 million active installations, has been found that allows unauthenticated visitors to gain administrator-level access by exploiting a security flaw in the plugin's role simulation feature. The flaw permitted unauthorized access that could lead to the installation of malicious plugins.
The LiteSpeed Cache plugin is widely used for site optimization and supports popular WordPress plugins such as WooCommerce, bbPress and Yoast SEO.
Vulnerability Details and Exploitation Risks
According to the Patchstack team, the identified vulnerability exploits weak security hash checks that can be reproduced under certain configurations set by an administrator, including high run duration settings and load limits in the plugin's Crawler feature.
The vulnerability, listed as CVE-2024-50550, has raised concerns because of the ease with which the hashes can be brute-forced, thereby bypassing key security checks.
Key conditions for reproducing this vulnerability include:
- Enabling the Crawler feature and setting a run duration between 2500 and 4000 seconds
- Setting the server load limit to 0
- Activating role simulation for users with administrator privileges
Steps to Mitigate the Security Flaw
In response to the vulnerability, the LiteSpeed development team has removed the role simulation feature and strengthened hash generation to prevent unauthorized access attempts.
They also confirmed to Patchstack that they plan to further improve security by incorporating more robust random value generators in future updates, aiming to provide better protection against brute-force attacks.
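The point underlying both the brute-forceable hash checks described above and the fix (stronger hash generation with a more robust random source) is the size of the value space an attacker would have to search. The following added example is not LiteSpeed Cache code and does not reproduce the plugin's actual hash algorithm; it uses a constructed stand-in (a non-cryptographic PRNG seeded from an assumed small seed space of 20,000 values) next to a CSPRNG-backed value, and includes a simple risk estimate of whether a candidate space can be covered within a time window such as the crawler run durations mentioned above. All names, sizes and rates are assumptions for the demonstration.

```python
"""Constructed illustration (not LiteSpeed Cache code) of why a security hash
drawn from a small, predictable value space is brute-forceable, and how a
CSPRNG-backed value closes that gap."""
import hmac
import math
import random
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def weak_hash(seed: int, length: int = 6) -> str:
    """Stand-in for a weak security hash: a deterministic string derived from a
    seeded, non-cryptographic PRNG. Anyone who can enumerate the seed space can
    regenerate every hash the generator could ever issue. (Hypothetical design.)"""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_hash(nbytes: int = 16) -> str:
    """Hardened counterpart: 128 bits from the OS CSPRNG, with no seed to enumerate."""
    return secrets.token_hex(nbytes)


def entropy_bits(candidate_count: int) -> float:
    """Effective entropy of a value drawn uniformly from candidate_count possibilities."""
    return math.log2(candidate_count)


def brute_force_feasible(bits: float, window_seconds: float, checks_per_second: float) -> bool:
    """Risk estimate: can the whole candidate space be covered inside a window
    (for example a crawler run duration) at a given verification rate?"""
    return 2 ** bits <= window_seconds * checks_per_second


def recover_weak_seed(target: str, seed_space: int, length: int = 6):
    """Shows the weakness on the toy generator: walk the assumed seed space and
    return the seed that reproduces the target, or None if none does."""
    for seed in range(seed_space):
        if hmac.compare_digest(weak_hash(seed, length), target):
            return seed
    return None


def verify_hash(expected: str, presented: str) -> bool:
    """Constant-time comparison so the check itself leaks no timing information."""
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    SEED_SPACE = 20_000  # assumption: small seed space for the demonstration
    issued = weak_hash(4242)
    print("weak hash entropy (bits):", round(entropy_bits(SEED_SPACE), 1))
    print("seed recovered from the issued weak hash:", recover_weak_seed(issued, SEED_SPACE))
    print("strong hash entropy (bits):", entropy_bits(2 ** 128))
    print("weak space coverable in a 4000 s window at 1k checks/s:",
          brute_force_feasible(entropy_bits(SEED_SPACE), 4000, 1_000))
    print("strong space coverable in the same window at 1e9 checks/s:",
          brute_force_feasible(128, 4000, 1e9))
```

The defensive takeaways are the two contrasts the block makes concrete: a value whose generator can be re-seeded from a few thousand candidates is recovered in well under a second, while a 128-bit value from `secrets` cannot be covered in any realistic window, and the verification side should compare with `hmac.compare_digest` rather than `==`.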
Patchstack advised LiteSpeed Cache users to update to version 6.5.2 or higher to mitigate this issue.
“This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces,” the firm said. “Any feature regarding role simulation or other user simulation should also be protected with proper access control.”
Additionally, administrators should review plugin settings to ensure that configurations such as the Crawler run duration and load limits are optimized for security.