WordPress "Simple Social Buttons" Plugin Vulnerability Allow Website Takeover
Last updated September 23, 2021
A critical security vulnerability has been discovered in the LiteSpeed Cache plugin used by over six million WordPress sites. The flaw could allow unauthenticated attackers to gain administrator-level access, posing significant risks to affected websites.
This vulnerability, identified as CVE-2024-50550, has been assigned a CVSS score of 8.1, highlighting its severe impact. LiteSpeed has addressed the flaw in version 6.5.2 by eliminating role simulation and enhancing hash generation.
The site acceleration plugin offers advanced caching functionality and optimization features. The issue, rooted in a function named is_role_simulation, mirrors an earlier vulnerability (CVE-2024-28000) and stems from a weak security hash susceptible to brute-force attacks.
Exploitation depends on specific plugin configurations, in particular those in which the crawler feature can be abused to simulate a logged-in user, including an administrator.
Recent disclosures have highlighted similar threats, such as the Ultimate Membership Pro flaws, prompting heightened vigilance among developers and users. Additionally, ongoing legal disputes between Automattic and WP Engine may lead to unsupported plugins, necessitating proactive security checks by site administrators.
“The latest vulnerability in LiteSpeed Cache exemplifies the critical need for unpredictable security mechanisms,” commented Rafie Muhammad, security researcher at Patchstack, who also recommended adopting more robust randomization techniques in hash generation.
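As an added illustration of the hash-strength point made above and in the researcher's recommendation (not the plugin's own code; the article does not describe how its hash was actually built), the constructed example below places a low-entropy token drawn from a seeded non-cryptographic PRNG beside one from the OS CSPRNG, estimates each keyspace, and verifies tokens in constant time. The digit-only alphabet, 6-character length and 32-byte strong token are assumptions chosen for the demonstration.

```python
import hmac
import math
import random
import secrets
from typing import Optional

# Constructed illustration only: NOT the LiteSpeed Cache hash routine.
WEAK_ALPHABET = "0123456789"   # assumption: digits only
WEAK_LENGTH = 6                # assumption: 6 characters -> ~19.9 bits
STRONG_BYTES = 32              # 32 bytes from the OS CSPRNG -> 256 bits


def weak_token(seed: int) -> str:
    """Token from a seeded, non-cryptographic PRNG over a tiny alphabet.
    Same seed (e.g. a timestamp) always yields the same token."""
    rng = random.Random(seed)
    return "".join(rng.choice(WEAK_ALPHABET) for _ in range(WEAK_LENGTH))


def strong_token() -> str:
    """Token from the OS CSPRNG; 64 hex chars carrying 256 bits of entropy."""
    return secrets.token_hex(STRONG_BYTES)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random token of this shape."""
    return length * math.log2(alphabet_size)


def expected_attempts(bits: float) -> float:
    """Average number of guesses needed to hit a uniformly chosen token."""
    return 2 ** bits / 2


def verify(presented: str, expected: str) -> bool:
    """Constant-time comparison so timing does not leak the expected hash."""
    return hmac.compare_digest(presented, expected)


def exhaust_weak_keyspace(target: str) -> Optional[int]:
    """Defender's check: the whole weak keyspace (10**6 values) can be
    enumerated in seconds; returns the attempt count that matched."""
    for i in range(len(WEAK_ALPHABET) ** WEAK_LENGTH):
        if verify(f"{i:0{WEAK_LENGTH}d}", target):
            return i + 1
    return None
```

Run `exhaust_weak_keyspace(weak_token(1700000000))` and compare the attempt count with `expected_attempts(keyspace_bits(256, STRONG_BYTES))` to see why the researcher's call for stronger randomization matters.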
Site administrators using LiteSpeed Cache should immediately update to version 6.5.2 and review plugin configurations to mitigate potential exploits. Awareness of plugin support status, especially amid repository changes, is crucial for maintaining site security.
In October, over 6,000 WordPress sites were compromised by malicious plugin campaigns that push infostealers like ClearFake and its variant ClickFix. Hackers used legitimate plugin names such as Wordfense Security and LiteSpeed Cache, into which they embedded malicious scripts.