Critical LiteSpeed Cache vulnerability puts five million WordPress websites at risk

Published:

spot_img

Security Vulnerability in LiteSpeed Cache Plugin Allows Attackers to Take Over WordPress Sites

LiteSpeed Cache, a popular plugin used to speed up WordPress websites, has been found to have a critical vulnerability that could allow attackers to take over sites with administrator-level access. The plugin, used on over five million websites, features server-level caching and optimization features.

Security researcher John Blackbourn discovered that LiteSpeed Cache suffers from an unauthenticated privilege escalation flaw. This flaw is tied to the plugin’s user simulation feature, which pre-populates caches for pages on a schedule. The security hash used to protect this feature was found to be generated by a weak random generation method, making it vulnerable to brute-force attacks.

The vulnerability affects LiteSpeed Cache versions 6.3.0.1 and earlier. To address this issue, the LiteSpeed team released version 6.4 on August 13th, which includes a more robust method for generating the security hash.

Blackbourn was rewarded $14,400 for his discovery, the highest bounty ever for WordPress bug hunting. This vulnerability comes on the heels of another flaw affecting over 100,000 WordPress sites in the GiveWP donation plugin, which was patched in version 3.14.2.

Users of LiteSpeed Cache are urged to update to at least version 6.4 to protect their websites from potential attacks. The security of WordPress websites continues to be a priority, with researchers and developers working to address vulnerabilities and keep sites secure.

spot_img

Related articles

Recent articles

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...

India’s Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam

India's Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam The FutureCrime Summit 2026 is set to take place at...

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities A recent cyberattack targeting Poland's critical infrastructure has been officially linked...

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport The New Terminal One at John F. Kennedy International Airport (JFK)...