Hackers are exploiting critical bug in LiteSpeed Cache plugin


Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public.

The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1.

The vulnerability stems from a weak hash check in the plugin’s user simulation feature, which attackers can exploit by brute-forcing the hash value to create rogue admin accounts.

This could lead to a complete takeover of the affected websites, allowing the installation of malicious plugins, altering critical settings, redirecting traffic to malicious sites, and stealing user data.

Patchstack’s Rafie Muhammad shared the details on how to trigger the hash generation in a post yesterday, showing how to brute-force the hash to escalate privileges and then create a new administrator account via the REST API.

Muhammad’s method demonstrated that a brute force attack cycling through all 1 million possible security hash values at three requests per second can gain site access as any user ID in anywhere from a few hours to a week.
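The attack pattern described above has a recognisable fingerprint in web server logs: a single client presenting many distinct values of a short hash, at a steady rate, against the same site. The following Python script is an added example for defenders, not code from the article, Patchstack, Wordfence or the plugin. It parses constructed log lines in combined format with the request's Cookie header appended as a final quoted field, flags clients that present at least `min_guesses` distinct hash values inside a sliding window, and relates the article's figures (1 million values at three requests per second) to a worst-case exhaustion time. The cookie name `litespeed_hash`, the `litespeed_role` cookie and the REST path in the sample lines are assumptions for illustration and are not taken from the article; check the plugin's own code for the real names before deploying such a rule.

```python
"""Added detection sketch (not from the article): spot one client cycling through
candidate values of a low-entropy hash cookie. Cookie names, paths and log data
below are constructed assumptions, not values reported by the article."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed name of the cookie carrying the guessed hash (placeholder; verify against the plugin).
HASH_COOKIE = "litespeed_hash"

# Combined log format plus the Cookie header as a final quoted field
# (a common custom LogFormat; adjust the regex to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookies>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, timestamp, path, status and the hash cookie (or None)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    cookies = dict(
        kv.strip().split("=", 1) for kv in m["cookies"].split(";") if "=" in kv
    )
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
        "hash": cookies.get(HASH_COOKIE),
    }


def find_hash_bruteforce(lines, window=timedelta(seconds=60), min_guesses=10):
    """Return {ip: max_distinct_guesses} for clients that present at least
    `min_guesses` distinct hash values within any span of length `window`.
    A legitimate session re-sends the same value, so it stays below the threshold."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["hash"] is not None:
            by_ip[ev["ip"]].append((ev["ts"], ev["hash"]))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {h for _, h in events[start:end + 1]}
            if len(distinct) >= min_guesses:
                findings[ip] = max(findings.get(ip, 0), len(distinct))
    return findings


def worst_case_hours(keyspace=1_000_000, requests_per_second=3):
    """Hours needed to try every value at the given rate (the article's figures by default)."""
    return keyspace / requests_per_second / 3600


def constructed_sample():
    """Constructed log lines (not real data): one client cycling sequential 6-digit
    guesses at three requests per second, plus a user re-sending one fixed value
    and a request without the cookie at all."""
    base = datetime(2024, 8, 21, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):
        ts = (base + timedelta(seconds=i // 3)).strftime(TS_FMT)
        lines.append(
            f'203.0.113.7 - - [{ts}] "GET /wp-json/wp/v2/users/me HTTP/1.1" 401 99 '
            f'"-" "curl/8.4" "litespeed_role=1; {HASH_COOKIE}={i:06d}"'
        )
    for i in range(5):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(
            f'198.51.100.9 - - [{ts}] "GET /wp-admin/ HTTP/1.1" 200 5120 '
            f'"-" "Mozilla/5.0" "litespeed_role=1; {HASH_COOKIE}=123456"'
        )
    ts = base.strftime(TS_FMT)
    lines.append(f'192.0.2.4 - - [{ts}] "GET /index.php HTTP/1.1" 200 7000 "-" "Mozilla/5.0" "-"')
    return lines


if __name__ == "__main__":
    print(find_hash_bruteforce(constructed_sample()))
    print(f"worst case to exhaust keyspace: {worst_case_hours():.1f} hours")
```

The threshold of ten distinct values per minute is deliberately low because a client that legitimately holds a simulation hash re-sends the same one; any tuning should be checked against a site's own baseline. Blocking or rate-limiting at the web server on the same signal, and upgrading the plugin, removes the window the brute force needs.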

LiteSpeed Cache is used by over 5 million sites. As of this writing, only about 30% run a safe version of the plugin, leaving an attack surface of millions of vulnerable websites.

WordPress security firm Wordfence reports that it has detected and blocked over 48,500 attacks targeting CVE-2024-28000 over the last 24 hours, a figure that reflects intense exploitation activity.

Wordfence’s Chloe Chamberland warned about this scenario yesterday, saying, “We have no doubts that this vulnerability will be actively exploited very soon.”

This is the second time this year that hackers have targeted LiteSpeed Cache. In May, attackers used a cross-site scripting flaw (CVE-2023-40000) to create rogue administrator accounts and take over vulnerable websites.

At the time, WPScan reported that threat actors began scanning for targets in April, with over 1.2 million probes detected from a single malicious IP address.

Users of LiteSpeed Cache are recommended to upgrade to the latest available version, 6.4.1, as soon as possible or to uninstall the plugin from their website.
