Hey there, WordPress admins! If you’re running the LiteSpeed Cache plugin, it’s crucial to update your sites to the latest release now. A critical vulnerability in the plugin could allow unauthenticated attackers to take control of your website.
Stay Safe: LiteSpeed Cache Plugin Vulnerability Alert
Recently, security researcher John Blackbourn uncovered a serious privilege escalation flaw in the LiteSpeed Cache plugin, reported through Patchstack.
LiteSpeed Cache for WordPress is a popular choice, with over 5 million active installations, thanks to its server-level caching and optimization features. However, a vulnerability in the plugin’s crawler feature posed a significant risk: it allowed attackers to impersonate authenticated users and potentially gain full control of a website, including installing malicious plugins.
The vulnerability, tracked as CVE-2024-28000, is rated critical with a CVSS score of 9.8. It affects all plugin versions up to and including 6.3.0.1. You can find a detailed technical breakdown of the issue in Patchstack’s recent post.
Act Now: Vulnerability Fixed in Latest Release
Upon discovery, Blackbourn responsibly disclosed the vulnerability to the plugin developers via Patchstack, and they addressed the issue in version 6.4 of the LiteSpeed Cache plugin. As a reward for his findings, Blackbourn received a $14,400 bounty through the Patchstack Zero Day program.
To safeguard your website, update to the latest version of the LiteSpeed Cache plugin (6.4.1). You can download the update from the plugin’s official page.
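If you manage several WordPress installs, the following added example (not code from the plugin, from Patchstack, or from this post) reads the standard WordPress plugin header and flags any install whose LiteSpeed Cache version is still at or below 6.3.0.1. It assumes the plugin’s default main file path under the WordPress root; the sample header at the bottom is constructed for illustration.

```python
"""Fleet-triage helper for CVE-2024-28000 (LiteSpeed Cache <= 6.3.0.1).
Added example, not code from the plugin or from Patchstack: it reads the
standard WordPress plugin header block and decides whether an install is
still on an affected release."""
import re
from pathlib import Path
from typing import Optional

# From the advisory: every release up to 6.3.0.1 is affected; 6.4 carries the fix.
FIRST_FIXED = "6.4"
# Assumed default location of the plugin's main file inside a WordPress install.
PLUGIN_MAIN_FILE = "wp-content/plugins/litespeed-cache/litespeed-cache.php"


def parse_version(v: str) -> tuple:
    """Turn '6.3.0.1' into (6, 3, 0, 1); trailing zeros are stripped so
    6.4 and 6.4.0 compare equal under plain tuple comparison."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def header_version(header_text: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", header_text, re.M | re.I)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the first fixed release."""
    return parse_version(version) < parse_version(FIRST_FIXED)


def check_install(wp_root: str) -> Optional[bool]:
    """None if the plugin is absent or unreadable, else whether it is affected."""
    path = Path(wp_root) / PLUGIN_MAIN_FILE
    if not path.is_file():
        return None
    # The header block sits at the top of the file; 4 KiB is plenty.
    v = header_version(path.read_text(errors="replace")[:4096])
    return None if v is None else is_vulnerable(v)


# Constructed sample header, shaped like a real WordPress plugin header block.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.3.0.1
 */
"""
```

Run `check_install("/var/www/example")` (path assumed) against each site root; a `True` result means the site still needs the 6.4.1 update.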
We’d love to hear your thoughts in the comments below!