Cybersecurity experts have identified a new critical vulnerability in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. LiteSpeed Cache is, unfortunately, no stranger to security vulnerabilities.
LiteSpeed Cache and the new security flaw
The security flaw, identified as CVE-2024-44000 (with a score of 7.5 out of 10 in the CVSS rating system), affects older versions of the plugin, including 6.4.1. Fortunately, the problem was fixed in version 6.5.0.1.
“The plugin is affected by a vulnerability that allows account takeover without the need for authentication. This allows any unauthenticated visitor to access logged-in users and, in the worst case, gain administrator privileges, with the ability to upload and install malicious plugins,” said Patchstack researcher Rafie Muhammad.
The discovery follows an in-depth security analysis of the plugin, which had previously led to the identification of another serious privilege escalation flaw (CVE-2024-28000, CVSS score: 9.8). LiteSpeed Cache is one of the most popular caching plugins for WordPress, with over 5 million active installations.
The new vulnerability stems from a debug log file, “/wp-content/debug.log”, being publicly exposed, which allows unauthenticated attackers to view potentially sensitive information contained in the file.
LiteSpeed Cache and Cookies
This information may include user cookies, included in HTTP response headers, allowing attackers to access a vulnerable site with any active, valid session.
The vulnerability is considered to be of minor severity as it requires the debug feature to be enabled on the WordPress site in order to be exploited. However, it could also affect sites that have enabled debug logging in the past but have not removed the log file.
It is important to note that this feature is disabled by default. The update fixes the issue by moving the log file to a dedicated folder within the LiteSpeed plugin (“/wp-content/litespeed/debug/”), randomizing the file names, and removing the option to log cookies in the file.
Users are advised to check for the presence of the “/wp-content/debug.log” file and delete it if the debugging feature is enabled (or was enabled in the past).
It is also recommended to set an .htaccess rule to deny direct access to log files, since cybercriminals could still access the new log file through repeated attempts to guess the name.
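The two checks recommended above can be scripted on the web host. This is an added example, not code from LiteSpeed, Patchstack or the original article; the function name, the WordPress root argument and the deny-rule heuristic (Apache "Require all denied" or "Deny from all") are assumptions.

```shell
#!/bin/sh
# Added example (not LiteSpeed or Patchstack code). Run on the web host itself.
# Assumption: the WordPress root is passed as $1, e.g. /var/www/html.

audit_litespeed_logs() {
    wp_root=$1
    old_log="$wp_root/wp-content/debug.log"
    new_dir="$wp_root/wp-content/litespeed/debug"
    findings=0

    # 1. Leftover log at the old, publicly reachable location.
    if [ -f "$old_log" ]; then
        findings=$((findings + 1))
        echo "FINDING: $old_log exists; delete it"
        # Count cookie header lines without echoing their values.
        hits=$(grep -ci 'cookie:' "$old_log" || true)
        if [ "$hits" -gt 0 ]; then
            findings=$((findings + 1))
            echo "FINDING: $hits cookie header line(s) logged; treat those sessions as exposed"
        fi
    fi

    # 2. New log folder: randomized file names still need a deny rule.
    if [ -d "$new_dir" ]; then
        # Heuristic: Apache 2.4 'Require all denied' or 2.2 'Deny from all'.
        if ! grep -qiE '^[[:space:]]*(require[[:space:]]+all[[:space:]]+denied|deny[[:space:]]+from[[:space:]]+all)' \
                "$new_dir/.htaccess" 2>/dev/null; then
            findings=$((findings + 1))
            echo "FINDING: no deny rule in $new_dir/.htaccess"
        fi
    fi

    echo "findings=$findings"
}

# Stand-alone use: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_litespeed_logs "$1"
fi
```

A deny rule only takes effect if the server honours .htaccess files, so also confirm from outside that a request for a log URL is refused.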
“This vulnerability highlights the critical importance of ensuring security when performing the debugging process, specifying what data should not be logged and how to properly handle the log file,” Muhammad concluded.
Why LiteSpeed Cache Often Has Vulnerabilities
You may have noticed that this plugin has issues quite often.
LiteSpeed Cache is a very popular solution in the WordPress landscape, thanks to its ability to improve site performance through advanced page caching. However, its complexity and close interaction with various components of the WordPress system can be a point of weakness.
The need to manipulate sensitive information such as cookies, authentication data, and HTTP responses, combined with the integration with other advanced features such as debugging, exposes LiteSpeed Cache to vulnerability risks. The plugin must handle a wide range of different configurations and environments, increasing the risk of introducing errors or security holes.
Its widespread use makes it a prime target for cybercriminals, who try to exploit any flaw to compromise the most vulnerable websites. For this reason, keeping the plugin up to date and following security best practices is essential to protecting WordPress sites that use it.