Critical LiteSpeed Cache vulnerability puts five million WordPress websites at risk

Security Vulnerability in LiteSpeed Cache Plugin Allows Attackers to Take Over WordPress Sites

LiteSpeed Cache, a popular plugin used to speed up WordPress websites, has been found to have a critical vulnerability that could allow attackers to take over sites with administrator-level access. The plugin, installed on over five million websites, provides server-level caching and optimization.

Security researcher John Blackbourn discovered that LiteSpeed Cache suffers from an unauthenticated privilege escalation flaw. The flaw is tied to the plugin’s user simulation feature, which pre-populates page caches on a schedule. The security hash that protects this feature was found to be generated by a weak random-number generation method, leaving it open to brute-force attacks.

The vulnerability affects LiteSpeed Cache versions 6.3.0.1 and earlier. To address this issue, the LiteSpeed team released version 6.4 on August 13th, which includes a more robust method for generating the security hash.
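The brute-force risk described above comes down to the effective keyspace of the hash, not its length. The following is an added illustration, not code from LiteSpeed Cache or the patch: it contrasts a hypothetical token generator driven by a PRNG seeded from a small value (the seed space size is an assumption, chosen for the demo) with one drawn from the operating system's CSPRNG, and shows how a defender can estimate whether a generator's output could be enumerated within a modest budget.

```python
import random
import secrets

# Constructed illustration, not the plugin's own code: a hash built from a
# deterministic PRNG seeded with a low-entropy value has only as many possible
# outputs as there are seeds, however long the resulting string looks.
SEED_SPACE = 10_000  # hypothetical seed space size, assumed for the demo
HEX = "0123456789abcdef"


def weak_hash(seed: int, length: int = 32) -> str:
    """Token from a deterministic PRNG seeded with a low-entropy value."""
    rng = random.Random(seed)
    return "".join(rng.choice(HEX) for _ in range(length))


def strong_hash(length: int = 32) -> str:
    """Token from the OS CSPRNG; its keyspace is 16**length, with no seed to guess."""
    return secrets.token_hex(length // 2)


def effective_keyspace(seed_space: int = SEED_SPACE) -> int:
    """Count the distinct tokens weak_hash can ever produce across the seed space."""
    return len({weak_hash(seed) for seed in range(seed_space)})


def nominal_keyspace(length: int = 32) -> int:
    """Keyspace the token *appears* to have: 16 possibilities per hex character."""
    return 16 ** length


def is_brute_forceable(keyspace: int, attempts_per_sec: float = 1000.0,
                       budget_sec: float = 3600.0) -> bool:
    """Defender's check: could the whole keyspace be tried within the budget?"""
    return keyspace <= attempts_per_sec * budget_sec


if __name__ == "__main__":
    weak = effective_keyspace()
    print(f"seeded PRNG: {weak} distinct tokens -> brute-forceable: {is_brute_forceable(weak)}")
    strong = nominal_keyspace()
    print(f"CSPRNG:      {strong} distinct tokens -> brute-forceable: {is_brute_forceable(strong)}")
```

The seeded generator never yields more tokens than it has seeds, which is what makes a seemingly long hash enumerable; the CSPRNG-backed version has no such ceiling.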

Blackbourn was rewarded $14,400 for his discovery, the highest bounty ever for WordPress bug hunting. This vulnerability comes on the heels of another flaw affecting over 100,000 WordPress sites in the GiveWP donation plugin, which was patched in version 3.14.2.

Users of LiteSpeed Cache are urged to update to at least version 6.4 to protect their websites from potential attacks. The security of WordPress websites continues to be a priority, with researchers and developers working to address vulnerabilities and keep sites secure.
