Hackers are exploiting critical bug in LiteSpeed Cache plugin


Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public.

The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1.

The vulnerability stems from a weak hash check in the plugin’s user simulation feature which can be exploited by attackers brute-forcing the hash value to create rogue admin accounts.

This could lead to a complete takeover of the affected websites, allowing the installation of malicious plugins, altering critical settings, redirecting traffic to malicious sites, and stealing user data.

Patchstack’s Rafie Muhammad shared the details on how to trigger the hash generation in a post yesterday, showing how to brute-force the hash to escalate privileges and then create a new administrator account via the REST API.

Muhammad’s method demonstrated that a brute force attack cycling through all 1 million possible security hash values at three requests per second can gain site access as any user ID in anywhere from a few hours to a week.
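To make the numbers above concrete, here is an added example (not code from the article, from Patchstack or from the LiteSpeed project) that works out how little a 1-million-value "security hash" buys at three requests per second, contrasts it with a 128-bit token checked in constant time, and runs a simple guessing-pattern heuristic over a few constructed access-log lines. The log format, the `/hypothetical/simulate?hash=` path and the IP addresses are placeholders invented for the example, not the plugin's real endpoint or parameter.

```python
"""Added example (not from the article or the LiteSpeed project): why a
~1-million-value security hash is brute-forceable, what a sound token looks
like, and a log heuristic for spotting the guessing pattern. Paths, parameter
names and log lines are constructed placeholders, not the plugin's own."""
import hmac
import math
import re
import secrets
from collections import defaultdict

# Figures quoted in the article: ~1 million possible hash values, 3 requests/second.
WEAK_HASH_SPACE = 1_000_000
REQUESTS_PER_SEC = 3


def entropy_bits(space: int) -> float:
    """Bits of entropy in a secret drawn uniformly from `space` values."""
    return math.log2(space)


def worst_case_hours(space: int, rate: float) -> float:
    """Hours needed to try every value at `rate` requests per second."""
    return space / rate / 3600


def expected_hours(space: int, rate: float) -> float:
    """On average the right value turns up after half the space is tried."""
    return worst_case_hours(space, rate) / 2


def new_secure_token(nbytes: int = 16) -> str:
    """128-bit token from the OS CSPRNG: the shape a fix should take."""
    return secrets.token_hex(nbytes)


def token_matches(expected: str, presented: str) -> bool:
    """Constant-time comparison so the check leaks no timing information."""
    return hmac.compare_digest(expected, presented)


# Constructed access-log lines: "<timestamp> <client-ip> <method> <path> <status>".
# The path /hypothetical/simulate?hash= is a placeholder, not a real endpoint.
SAMPLE_LOG = """\
2024-08-21T09:00:00Z 198.51.100.9 GET /hypothetical/simulate?hash=000001 403
2024-08-21T09:00:00Z 198.51.100.9 GET /hypothetical/simulate?hash=000002 403
2024-08-21T09:00:01Z 198.51.100.9 GET /hypothetical/simulate?hash=000003 403
2024-08-21T09:00:01Z 198.51.100.9 GET /hypothetical/simulate?hash=000004 403
2024-08-21T09:00:01Z 203.0.113.4 GET /hypothetical/simulate?hash=482913 200
2024-08-21T09:00:02Z 198.51.100.9 GET /hypothetical/simulate?hash=000005 403
"""

_HASH_RE = re.compile(r"[?&]hash=(\w+)")


def distinct_hash_guesses(log_text: str) -> dict:
    """Map client IP -> number of distinct hash values it presented."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash the detector
        _ts, ip, _method, path, _status = parts
        m = _HASH_RE.search(path)
        if m:
            seen[ip].add(m.group(1))
    return {ip: len(vals) for ip, vals in seen.items()}


def flag_guessers(log_text: str, threshold: int = 3) -> set:
    """Clients presenting at least `threshold` distinct hash values."""
    return {ip for ip, n in distinct_hash_guesses(log_text).items() if n >= threshold}


if __name__ == "__main__":
    print(f"weak hash: {entropy_bits(WEAK_HASH_SPACE):.1f} bits, "
          f"worst case {worst_case_hours(WEAK_HASH_SPACE, REQUESTS_PER_SEC):.0f} h, "
          f"expected {expected_hours(WEAK_HASH_SPACE, REQUESTS_PER_SEC):.0f} h")
    tok = new_secure_token()
    print(f"secure token: {entropy_bits(2 ** (len(tok) * 4)):.0f} bits, "
          f"worst case {worst_case_hours(2 ** 128, REQUESTS_PER_SEC):.2e} h")
    print("flagged as guessing:", flag_guessers(SAMPLE_LOG))
```

The arithmetic matches the article's range: a full sweep of one million values at three requests per second is about 93 hours (under four days), and on average the right value is hit in about 46 hours; the same sweep against a 128-bit token is infeasible. The log heuristic is deliberately crude (a small threshold on distinct values per source) so that it fires early; in practice it would be paired with rate limiting on the endpoint that accepts the hash.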

LiteSpeed Cache is used by over 5 million sites. As of this writing, only about 30% run a safe version of the plugin, leaving an attack surface of millions of vulnerable websites.

WordPress security firm Wordfence reports that it has detected and blocked over 48,500 attacks targeting CVE-2024-28000 over the last 24 hours, a figure that reflects intense exploitation activity.

Wordfence’s Chloe Chamberland warned about this scenario yesterday, saying, “We have no doubts that this vulnerability will be actively exploited very soon.”

This is the second time this year that hackers have targeted LiteSpeed Cache. In May, attackers used a cross-site scripting flaw (CVE-2023-40000) to create rogue administrator accounts and take over vulnerable websites.

At the time, WPScan reported that threat actors began scanning for targets in April, with over 1.2 million probes detected from a single malicious IP address.

Users of LiteSpeed Cache should upgrade to the latest available version, 6.4.1, as soon as possible, or uninstall the plugin from their websites.
