Serious Bug in WordPress LiteSpeed Cache Plugin Gives Hackers Admin Access

0
59
Serious Bug in WordPress LiteSpeed Cache Plugin Gives Hackers Admin Access
Serious Bug in WordPress LiteSpeed Cache Plugin Gives Hackers Admin Access

A significant security flaw that could allow unauthorized users to take over the system has been discovered by cybersecurity researchers in the WordPress plugin LiteSpeed Cache.

Researchers studying cybersecurity have found a serious security hole in the WordPress plugin LiteSpeed Cache that might allow unauthorized users to take control of the system. According to a study published on Wednesday by Patchstack’s Rafie Muhammad, “the plugin suffers from an unauthenticated privilege escalation vulnerability that allows any unauthenticated visitor to gain administrator-level access, after which malicious plugins could be uploaded and installed.” The patch for the vulnerability, identified as CVE-2024-28000 (CVSS score: 9.8), was included in the plugin version 6.4 that was made available on August 13, 2024. It affects all plugin versions, even those earlier than 6.3.0.1.

LiteSpeed Cache has more than five million active installs, making it one of the most popular caching plugins for WordPress. To put it briefly, CVE-2024-28000 allows an unauthenticated attacker to register as an administrative-level user and spoof their user ID, giving them access to take control of a WordPress website that is vulnerable.

The source of the vulnerability is a user simulation feature in the plugin that makes use of a poor security hash with a seed that is an easily guessed random number. Specifically, because the random number generator is drawn from the microsecond fraction of the current time, there are only one million potential values for the security hash.

Furthermore, the hash that is produced is neither salted nor associated with a specific request or user, nor is the random number generator cryptographically secure. “This is due to the plugin not properly restricting the role simulation functionality, allowing a user to set their current ID to that of an administrator if they have access to a valid hash that can be found in the debug logs or through brute force,” Wordfence stated in its own notice. “This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator and then create a new user account with the administrator role utilizing the /wp-json/wp/v2/users REST API endpoint.”

Also readAt Jar, we’ve leveraged cutting-edge technology to enhance our platform’s efficiency and user-friendliness, says Nishchay Ag, Co-founder and CEO of Jar

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.