The National Information Technology Development Agency has issued a critical security alert regarding a newly identified vulnerability, CVE-2024-28000, which impacts over 5 million websites worldwide.
This vulnerability affects the LiteSpeed Cache plugin for WordPress, a widely used tool for optimizing website performance, potentially allowing attackers to gain full control of compromised sites, according to Nairametrics.
NITDA reports that the vulnerability stems from a flaw in the plugin’s “role simulation” feature, enabling cybercriminals to exploit it for administrative access to websites without authentication.
Once an attacker gains control of a site, they could install malicious plugins, steal sensitive data, or redirect visitors to harmful websites.
This attack is facilitated by a weak hash function and a straightforward attack vector.
Cybercriminals can exploit the flaw using brute-force guessing or by manipulating exposed debug logs to gain administrative privileges.
NITDA highlighted that with over 5 million websites using the LiteSpeed Cache plugin, the potential impact of this vulnerability is substantial.
According to the agency, websites at risk could experience data theft, website defacement, and redirection to malicious sites.
Given WordPress powers a significant portion of the web, vulnerabilities can have widespread repercussions.
Businesses may face financial losses from downtime, data breaches, or ransomware attacks, and the damage to their reputation can be long-lasting, eroding customer trust.
To mitigate the risk of exploitation, NITDA urges all WordPress website administrators using the LiteSpeed Cache plugin to take immediate action by updating the LiteSpeed Cache Plugin.
“Ensure that the plugin is updated to the latest version (6.4.1). To check for updates, log in to your WordPress dashboard, navigate to the ‘Plugins’ section, and update LiteSpeed Cache if necessary,” NITDA stated.
The agency also advised users to disable debugging on live websites, noting that if left enabled on production sites, this feature could expose sensitive logs, making it easier for attackers to exploit vulnerabilities.
“Website owners should frequently check for vulnerabilities and ensure their plugins are up to date,” the agency added.
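The two steps above (confirm the plugin version, then update and disable debugging) can be checked without clicking through each dashboard when a site is managed with WP-CLI. The script below is an added example, not part of the NITDA alert or of the LiteSpeed project; it assumes WP-CLI is installed as `wp`, that the plugin slug is `litespeed-cache`, and that a version below 6.4.1 (the fixed release named in the alert) should be treated as vulnerable. The plugin list it parses is constructed sample data in the shape of `wp plugin list --format=csv` output, so the check itself runs offline; the remediation function only runs when the script is invoked with `--apply`.

```shell
#!/bin/sh
# Added example (not the alert's own tooling). Assumes WP-CLI ("wp") and
# the plugin slug "litespeed-cache"; both are assumptions, not from the alert.
FIXED_VERSION="6.4.1"   # first release NITDA names as patched

# version_lt A B: returns 0 (true) when dotted numeric version A is older
# than B. Missing trailing components count as 0, so "6.4" < "6.4.1".
# Only purely numeric components are supported (no "-beta" suffixes).
version_lt() {
  va="$1"; vb="$2"
  while [ -n "$va" ] || [ -n "$vb" ]; do
    ca="${va%%.*}"; cb="${vb%%.*}"
    # drop the consumed component and its dot; empty once nothing remains
    case "$va" in *.*) va="${va#*.}" ;; *) va="" ;; esac
    case "$vb" in *.*) vb="${vb#*.}" ;; *) vb="" ;; esac
    ca="${ca:-0}"; cb="${cb:-0}"
    [ "$ca" -lt "$cb" ] && return 0
    [ "$ca" -gt "$cb" ] && return 1
  done
  return 1   # versions are equal
}

# litespeed_status LIST: reads CSV in the shape of
#   wp plugin list --format=csv --fields=name,status,update,version
# and prints "not-installed", "vulnerable" or "ok" for litespeed-cache.
litespeed_status() {
  ver=$(printf '%s\n' "$1" | awk -F, '$1=="litespeed-cache"{print $4}')
  if [ -z "$ver" ]; then
    echo "not-installed"
  elif version_lt "$ver" "$FIXED_VERSION"; then
    echo "vulnerable"
  else
    echo "ok"
  fi
}

# Constructed sample output (not real site data) with an outdated plugin.
SAMPLE_PLUGIN_LIST='name,status,update,version
akismet,active,none,5.3
litespeed-cache,active,available,6.3.0.1'

# remediate: the two actions from the alert, applied via WP-CLI.
# 1. update the plugin; 2. turn off WordPress debug output on the live site.
remediate() {
  wp plugin update litespeed-cache
  wp config set WP_DEBUG false --raw
  wp config set WP_DEBUG_LOG false --raw
}

if [ "${1:-}" = "--apply" ]; then
  # Live run: query the real site and remediate only when needed.
  live_list=$(wp plugin list --format=csv --fields=name,status,update,version)
  if [ "$(litespeed_status "$live_list")" = "vulnerable" ]; then
    remediate
  fi
else
  # Dry run against the constructed sample.
  printf 'litespeed-cache status (sample): %s\n' "$(litespeed_status "$SAMPLE_PLUGIN_LIST")"
fi
```

Run it without arguments to see the check against the sample data; run it with `--apply` on a host where `wp` points at the site to update the plugin and switch off `WP_DEBUG` and `WP_DEBUG_LOG`. Looping the same call over several WordPress installs (for example with `wp --path=...`) gives a quick inventory of which sites still run a pre-6.4.1 plugin.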
The LiteSpeed Cache plugin for WordPress optimizes website performance by caching content and resources, resulting in faster loading times. It enhances user experience and can improve search engine rankings by reducing server load and speeding up page delivery.