Hackers exploit LiteSpeed Cache flaw to create WordPress admins

May 7, 2024 at 05:48PM

Hackers are exploiting vulnerabilities in outdated LiteSpeed Cache and Email Subscribers plugins for WordPress, creating rogue admin users and compromising sites. An unauthenticated cross-site scripting flaw, CVE-2023-40000, affects LiteSpeed Cache versions older than 5.7.0.1, while Email Subscribers plugin versions 5.7.14 and older are vulnerable to a critical SQL injection flaw, CVE-2024-2876. WordPress site admins are urged to update plugins, remove unnecessary components, and monitor for unauthorized admin accounts. In case of a breach, a full site cleanup is necessary.

Key points:

1. Hackers are targeting WordPress sites using an outdated version of the LiteSpeed Cache plugin to gain control by creating administrator users.
2. Threat actors have increased their scanning for, and compromise of, WordPress sites running vulnerable versions of the LiteSpeed Cache plugin.
3. Hackers are also targeting the “Email Subscribers” WordPress plugin to create administrator accounts using a critical SQL injection vulnerability.
4. Recommendations for WordPress site admins include updating plugins to the latest version, removing or disabling unnecessary components, and monitoring for new admin accounts being created.
5. In the event of a confirmed breach, a full site cleanup is mandatory, including deleting rogue accounts, resetting passwords for existing accounts, and restoring the database and site files from clean backups.

These takeaways summarize the current security threats targeting WordPress sites and the actions recommended for site administrators to mitigate them.
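
One way to act on the update and monitoring recommendations, as an added example that is not part of the original article: a Python check over WP-CLI JSON output (`wp plugin list --format=json` and `wp user list --role=administrator --format=json`). The plugin slugs, the allowlist and the sample data are assumptions constructed for illustration; the version bounds are the ones stated above.

```python
import json
import re

# Affected ranges as stated in the article; plugin slugs are assumed.
# "lt": vulnerable below this version; "le": vulnerable at or below it.
VULNERABLE = {
    "litespeed-cache": ("lt", "5.7.0.1", "CVE-2023-40000"),
    "email-subscribers": ("le", "5.7.14", "CVE-2024-2876"),
}

def parse_version(text):
    """Turn '5.7.0.1' into (5, 7, 0, 1); trailing zeros dropped so 5.7 == 5.7.0."""
    parts = [int(n) for n in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def vulnerable_plugins(plugins):
    """Return (slug, version, cve) for installed plugins in an affected range."""
    hits = []
    for p in plugins:
        rule = VULNERABLE.get(p["name"])
        if rule is None:
            continue
        op, bound, cve = rule
        have, limit = parse_version(p["version"]), parse_version(bound)
        if have < limit or (op == "le" and have == limit):
            hits.append((p["name"], p["version"], cve))
    return hits

def unexpected_admins(users, allowlist):
    """Return administrator accounts whose login is not on the approved list."""
    approved = {name.lower() for name in allowlist}
    return [u for u in users if u["user_login"].lower() not in approved]

# Constructed sample data in the shape WP-CLI emits with --format=json.
SAMPLE_PLUGINS = json.loads("""[
  {"name": "litespeed-cache", "status": "active", "version": "5.6"},
  {"name": "email-subscribers", "status": "inactive", "version": "5.7.14"},
  {"name": "example-plugin", "status": "active", "version": "1.0"}
]""")
SAMPLE_ADMINS = json.loads("""[
  {"ID": 1, "user_login": "siteowner", "user_registered": "2021-03-02 10:15:00"},
  {"ID": 57, "user_login": "example-unknown", "user_registered": "2024-05-01 03:12:44"}
]""")

if __name__ == "__main__":
    for slug, ver, cve in vulnerable_plugins(SAMPLE_PLUGINS):
        print(f"UPDATE {slug} {ver} (in affected range for {cve})")
    for u in unexpected_admins(SAMPLE_ADMINS, ["siteowner"]):
        print(f"REVIEW admin {u['user_login']} (ID {u['ID']}), registered {u['user_registered']}")
```

Inactive plugins are reported as well, since the article recommends removing or disabling unnecessary components rather than leaving outdated code installed.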
