Worrying WordPress plugin security flaw could let hackers hijack your site

Another major flaw found in LiteSpeed Cache WordPress plugin

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

LiteSpeed Cache, an immensely popularWordPressplugin for site performance optimization, suffered from a vulnerability which allowed threat actors to gain admin status.

With such elevated privileges, they would be able to perform all sorts of malicious activities on the compromised websites.

According to researchers from Patchstack, the vulnerability was discovered in the is_role_simulation function, and it is relatively similar to a different vulnerability that was discovered last summer. The function apparently used a weak security hash check that could be broken with brute force, granting the attackers the ability to abuse the crawler feature and simulate a logged-in administrator.

Who is vulnerable?

There are a few factors that need to align before the vulnerability can be abused, though.

That includes having the crawler turned on, with run duration between 2500 and 4000, and the intervals between runs being set to 2500- 4000. Furthermore, Server Load Limit should be set to 9, Role Simulation to 1 (ID of user with admin role), and Turn every row to OFF except Administrator should be activated.

The vulnerability is now tracked as CVE-2024-50550, and has a severity score of 8.1 (high severity). It was already patched, with the version 6.5.2 of the plugin being the earliest clean one. LiteSpeed Cache is one of the most popular plugins of its kind, with more than six million active installations.

There is no talk of any evidence of in-the-wild abuse, so chances are cybercrooks have not picked up on the vulnerability in the past.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However, now that the patch is public, it’s only a matter of time before they start scanning for vulnerable websites. Currently, almost three-quarters (72.1%) of all LiteSpeed Cache websites are running the latest version, 6.5, with 6.7% running 6.4, and a notable 21.2% running “other” versions. Therefore, at least 27.6% of sites could be targeted, which is more than 1.6 million.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats