Urgent WordPress Security Threat: Hackers Exploit LiteSpeed Cache Vulnerability

Critical vulnerability (CVE-2024-28000) in LiteSpeed Cache plugin for WordPress is under active attack. Hackers can gain full admin access. Upgrade to v6.4.1 or uninstall immediately.

A critical vulnerability in the popular WordPress plugin, LiteSpeed Cache, is being actively exploited by hackers. This plugin, designed to accelerate website loading times and used by millions of sites, has a flaw that allows unauthorized individuals to gain full administrative control.

Technical Breakdown of the Vulnerability

The vulnerability, officially designated as CVE-2024-28000, affects all versions of LiteSpeed Cache prior to 6.3.0.1. It resides in the plugin’s user simulation feature, where a weak hash check can be brute-forced by attackers to create unauthorized admin accounts.

Successful exploitation of this vulnerability grants attackers the ability to completely take over affected websites. This can include installing malicious plugins that further compromise the site, altering critical settings, redirecting unsuspecting visitors to harmful websites, and even stealing sensitive user data.

Widespread Exploitation and Alarming Statistics

The severity of the situation is amplified by the fact that fewer than a third of LiteSpeed Cache users have updated to the patched version. This leaves millions of websites exposed and vulnerable to attack.

WordPress security firm Wordfence has reported blocking over 48,500 attacks targeting this vulnerability in just the past 24 hours, underscoring the rapid and widespread nature of the exploitation attempts.

Expert Recommendations and Urgent Call to Action

Security experts are urging all users of LiteSpeed Cache to take immediate action. If you are currently using the plugin, it is imperative to upgrade to the latest version (6.4.1) as soon as possible. If you are unable to upgrade immediately, it is strongly recommended to uninstall the plugin entirely until you can do so.
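For administrators who manage several sites, the upgrade check above can be scripted. The following is an added example, not code from LiteSpeed or Wordfence: it reads the `Version:` header of the plugin's main file and compares it with the 6.4.1 release named in this article. It assumes the default `wp-content/plugins/litespeed-cache/` layout; sites that relocate `wp-content` need the path adjusted.

```shell
#!/bin/sh
# Added example: flag WordPress roots whose LiteSpeed Cache plugin is older
# than the release this article says to upgrade to.
FIXED_VERSION="6.4.1"   # taken from the article's recommendation

# Print the value of the "Version:" header in a plugin's main PHP file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if dotted version $1 is strictly lower than $2.
# Missing components count as 0, so 6.4 < 6.4.1 and 6.3.0.1 < 6.4.1.
version_lt() (
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
)

# Classify one WordPress root; prints "<status> <version> <root>".
# Assumption: default plugin path (wp-content not relocated).
audit_site() {
    main_file="$1/wp-content/plugins/litespeed-cache/litespeed-cache.php"
    if [ ! -f "$main_file" ]; then
        echo "absent - $1"
        return 0
    fi
    ver=$(plugin_version "$main_file")
    if [ -z "$ver" ]; then
        echo "unknown - $1"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "OUTDATED $ver $1"
    else
        echo "ok $ver $1"
    fi
}

# Usage: sh check_lscache.sh /var/www/site1 /var/www/site2 ...
for root in "$@"; do
    audit_site "$root"
done
```

Any root reported as `OUTDATED` should be upgraded or have the plugin removed, as recommended above; `unknown` means the header could not be parsed and the install needs a manual look.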

This incident serves as a stark reminder of the importance of maintaining updated plugins and adhering to security best practices. This is the second major security issue identified in LiteSpeed Cache this year, further emphasizing the need for constant vigilance in protecting WordPress websites from potential threats.

About the author

Vishal Jain


With a Bachelor in Computer Application from VTU and 10 years of experience, Vishal's comprehensive reviews help readers navigate new software and apps. His insights are often cited in software development conferences. His hands-on approach and detailed analysis help readers make informed decisions about the tools they use daily.
