Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

May 8, 2024 at 04:28AM

A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and review installed plugins to mitigate potential threats.

Key Takeaways from Meeting Notes:

1. Vulnerability Information:
– A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) affecting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on vulnerable websites.
– The flaw is a stored cross-site scripting (XSS) bug: an unauthenticated attacker can plant a script payload via specially crafted HTTP requests, and because the payload executes in the browser of an administrator who later views the affected page, the attacker effectively gains admin-level actions such as account creation.
– The vulnerability was disclosed by Patchstack in February 2024 and was addressed in version 5.7.0.1; the latest plugin version was 6.2.0.1 as of April 25, 2024.

2. Impact:
– LiteSpeed Cache has over 5 million active installations, and approximately 16.8% of them still run versions other than 5.7, 6.0, 6.1 and 6.2, i.e. older releases that predate the fix.
– Threat actors exploit the vulnerability to inject malware, take full control of the affected websites, and perform arbitrary actions on them.

3. Mitigation:
– Users are advised to update to a fixed release, review all installed plugins, and delete any suspicious files and folders. WPScan additionally suggests searching the database for specific suspicious strings associated with the injected payload.
– Against redirect scam campaigns such as Mal.Metrica (described below), enabling automatic updates for core files, plugins, and themes is the recommended countermeasure.
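As an added triage example (this is not code from the article, WPScan, Patchstack or LiteSpeed), the script below encodes the fixed version 5.7.0.1 stated above and runs two checks a site owner would want after reading the mitigation advice: it scans WordPress option values for generic injected-script indicators, and it lists administrator accounts that are not on an allowlist, which is how rogue admin accounts surface. The database rows, account names, option names and indicator patterns are all constructed here for illustration; the exact strings WPScan recommends searching for are not reproduced.

```python
import re

# First LiteSpeed Cache release that fixes CVE-2023-40000, per the article.
FIXED_VERSION = (5, 7, 0, 1)


def parse_version(version):
    """Normalise a plugin version string to a 4-tuple: '5.7' -> (5, 7, 0, 0)."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(version):
    """True when the installed LiteSpeed Cache version predates 5.7.0.1."""
    return parse_version(version) < FIXED_VERSION


# Generic indicators of script injected into stored option values.
# Assumption: these are my own heuristic patterns, not WPScan's published list.
SUSPICIOUS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"<script\b",
        r"\beval\s*\(",
        r"\batob\s*\(",
        r"String\.fromCharCode",
        r"document\.write\s*\(",
    )
]


def scan_options(rows):
    """rows: iterable of (option_name, option_value) as exported from wp_options.
    Returns (option_name, matched_pattern) for every row that trips an indicator."""
    hits = []
    for name, value in rows:
        for pat in SUSPICIOUS_PATTERNS:
            if pat.search(value or ""):
                hits.append((name, pat.pattern))
                break  # one hit per row is enough for triage
    return hits


def unexpected_admins(users, capabilities, known_admins):
    """users: {user_id: user_login}; capabilities: {user_id: serialized wp_capabilities
    meta value}. Returns logins holding the administrator role that are not allowlisted."""
    rogue = []
    for uid, caps in capabilities.items():
        # WordPress stores roles as a PHP-serialised array, e.g. a:1:{s:13:"administrator";b:1;}
        if '"administrator";b:1' in caps and users.get(uid) not in known_admins:
            rogue.append(users[uid])
    return sorted(rogue)


def triage(version, option_rows, users, capabilities, known_admins):
    """Combine the three checks into one report dict."""
    return {
        "vulnerable_version": is_vulnerable(version),
        "option_hits": scan_options(option_rows),
        "unexpected_admins": unexpected_admins(users, capabilities, known_admins),
    }


# --- Constructed sample data (not real site data) -------------------------
SAMPLE_OPTIONS = [
    ("siteurl", "https://example.test"),
    ("litespeed.conf.cache", "1"),
    ("litespeed.example_option",  # constructed option name
     'a:1:{i:0;s:46:"<script>eval(atob("YWxlcnQoMSk="))</script>";}'),
]
SAMPLE_USERS = {1: "site_owner", 2: "editor_jane", 7: "tmp-admin"}
SAMPLE_CAPS = {
    1: 'a:1:{s:13:"administrator";b:1;}',
    2: 'a:1:{s:6:"editor";b:1;}',
    7: 'a:1:{s:13:"administrator";b:1;}',
}
KNOWN_ADMINS = {"site_owner"}

if __name__ == "__main__":
    report = triage("5.7", SAMPLE_OPTIONS, SAMPLE_USERS, SAMPLE_CAPS, KNOWN_ADMINS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a live site the same three inputs come from `wp plugin get litespeed-cache --field=version`, a `wp_options` export, and the `wp_users`/`wp_usermeta` tables; the heuristics will flag legitimate inline scripts in some themes, so treat hits as leads to inspect rather than proof of compromise.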

4. Additional Information:
– Mal.Metrica is a redirect scam campaign targeting WordPress sites; it presents fake CAPTCHA verification prompts that redirect visitors to fraudulent and otherwise undesirable sites.
– The campaign abuses recently disclosed security flaws in WordPress plugins and has compromised 17,449 websites in 2024.

5. Recommendations:
– WordPress website owners are encouraged to consider enabling automatic updates for core files, plugins, and themes.
– Regular web users should exercise caution when clicking on suspicious links and be wary of out-of-place prompts.

These key takeaways summarize the critical points and actions from the meeting notes on the web security vulnerabilities discussed on May 08, 2024.