HomeVulnerabilityLiteSpeed Cache Plugin Vulnerability Poses Important Threat to WordPress Web sites

LiteSpeed Cache Plugin Vulnerability Poses Important Threat to WordPress Web sites

A high-severity security flaw has been disclosed within the LiteSpeed Cache plugin for WordPress that would enable an unauthenticated menace actor to raise their privileges and carry out malicious actions.

The vulnerability, tracked as CVE-2024-50550 (CVSS rating: 8.1), has been addressed in model 6.5.2 of the plugin.

“The plugin suffers from an unauthenticated privilege escalation vulnerability which permits any unauthenticated customer to realize administrator stage entry after which malicious plugins may very well be uploaded and put in,” Patchstack security researcher Rafie Muhammad mentioned in an evaluation.

LiteSpeed Cache is a well-liked website acceleration plugin for WordPress that, because the title implies, comes with superior caching performance and optimization options. It is put in on over six million websites.

The newly recognized problem, per Patchstack, is rooted in a operate named is_role_simulation and is just like an earlier flaw that was publicly documented again in August 2024 (CVE-2024-28000, CVSS rating: 9.8).

Cybersecurity

It stems from using a weak security hash examine that may very well be brute-forced by a nasty actor, thus permitting for the crawler characteristic to be abused to simulate a logged-in consumer, together with an administrator.

See also  SolarWinds Patches Excessive-Severity Flaws in Entry Rights Supervisor

Nonetheless, a profitable exploitation banks on the next plugin configuration –

  • Crawler -> Common Settings -> Crawler: ON
  • Crawler -> Common Settings -> Run Period: 2500 – 4000
  • Crawler -> Common Settings -> Interval Between Runs: 2500 – 4000
  • Crawler -> Common Settings -> Server Load Restrict: 0
  • Crawler -> Simulation Settings -> Position Simulation: 1 (ID of consumer with administrator position)
  • Crawler -> Abstract -> Activate: Flip each row to OFF besides Administrator

The patch put in place by LiteSpeed removes the position simulation course of and updates the hash era step utilizing a random worth generator to keep away from limiting the hashes to 1 million prospects.

“This vulnerability highlights the essential significance of making certain the energy and unpredictability of values which might be used as security hashes or nonces,” Muhammad mentioned.

“The rand() and mt_rand() features in PHP return values which may be ‘random sufficient’ for a lot of use circumstances, however they aren’t unpredictable sufficient for use in security-related options, particularly if mt_srand is utilized in a restricted chance.”

See also  Microsoft permits Home windows Kernel CVE-2023-32019 repair for everybody

CVE-2024-50550 is the third security flaw to be disclosed in LiteSpeed throughout the final two months, the opposite two being CVE-2024-44000 (CVSS rating: 7.5) and CVE-2024-47374 (CVSS rating: 7.2).

Cybersecurity

The event comes weeks after Patchstack detailed two essential flaws in Final Membership Professional that would lead to privilege escalation and code execution. However the shortcomings have been addressed in model 12.8 and later.

  • CVE-2024-43240 (CVSS rating: 9.4) – An unauthenticated privilege escalation vulnerability that would enable an attacker to register for any membership stage and achieve the connected position for it
  • CVE-2024-43242 (CVSS rating: 9.0) – An unauthenticated PHP object injection vulnerability that would enable an attacker to execute arbitrary code.

Patchstack can also be warning that the continued authorized drama between WordPress’ mum or dad Automattic and WP Engine has prompted some builders to desert the WordPress.org repository, necessitating that customers monitor acceptable communication channels to make sure they’re receiving the most recent details about potential plugin closures and security points.

See also  Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

“Customers who fail to manually set up plugins faraway from the WordPress.org repository threat not receiving new updates which might embrace vital security fixes,” Patchstack CEO Oliver Sild mentioned. “This could go away web sites uncovered to hackers who generally exploit recognized vulnerabilities and will take benefit over such conditions.”

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular