
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access


Aug 22, 2024 | Ravie Lakshmanan | Website Security / Vulnerability


Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to gain administrator privileges.

“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated user to gain Administrator level access after which malicious plugins could be uploaded and installed,” Patchstack’s Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.


LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.

In a nutshell, CVE-2024-28000 makes it possible for an unauthenticated attacker to spoof their user ID and register as an administrative-level user, effectively granting them privileges to take over a vulnerable WordPress site.

The vulnerability is rooted in a user simulation feature in the plugin that uses a weak security hash that suffers from the use of a trivially guessable random number as the seed.

Specifically, there are only one million possible values for the security hash due to the fact that the random number generator is derived from the microsecond portion of the current time. What’s more, the random number generator is not cryptographically secure and the generated hash is neither salted nor tied to a particular request or a user.
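The weak pattern described above next to a hardened one, as an added Python model that is not the plugin's PHP code and not taken from the Patchstack or Wordfence reports. The alphabet, token length, function names and sample IDs are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import random
import secrets

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"
TOKEN_LEN = 6  # assumed length, for illustration only


def weak_token(microseconds: int) -> str:
    """Flawed pattern: non-cryptographic PRNG seeded only with the
    microsecond part of the clock, so the seed is one of 0..999999."""
    rng = random.Random(microseconds)
    return "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LEN))


def weak_entropy_bits() -> float:
    """Upper bound on the weak token's entropy: log2 of the seed count."""
    return math.log2(1_000_000)


def strong_token() -> str:
    """Hardened: 256 bits straight from the OS CSPRNG, no seeding step."""
    return secrets.token_urlsafe(32)


def bind(server_key: bytes, token: str, user_id: int, request_id: str) -> str:
    """Tie the token to one user and one request with a keyed MAC."""
    msg = f"{token}|{user_id}|{request_id}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def verify(server_key: bytes, token: str, user_id: int,
           request_id: str, presented: str) -> bool:
    """Constant-time check; fails if the user or the request differs."""
    expected = bind(server_key, token, user_id, request_id)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    key = secrets.token_bytes(32)        # constructed server-side secret
    tok = strong_token()
    tag = bind(key, tok, 42, "req-001")  # constructed user and request IDs
    print("same seed, same weak token:", weak_token(123456) == weak_token(123456))
    print("weak entropy bound (bits):", round(weak_entropy_bits(), 2))
    print("tag valid for user 42:", verify(key, tok, 42, "req-001", tag))
    print("tag valid for user 1:", verify(key, tok, 1, "req-001", tag))
```

However long the weak token's alphabet or length, its output is fully determined by the seed, so it carries under 20 bits of entropy, while the hardened token carries 256 bits and its tag is rejected for any other user or request.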

“This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash which can be found in the debug logs or through brute force,” Wordfence said in its own alert.

“This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the /wp-json/wp/v2/users REST API endpoint.”


It's important to note that the vulnerability cannot be exploited on Windows-based WordPress installations due to the hash generation function's reliance on a PHP method called sys_getloadavg() that's not implemented on Windows.

“This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces,” Muhammad said.

With a previously disclosed flaw in LiteSpeed Cache (CVE-2023-40000, CVSS score: 8.3) exploited by malicious actors, it's crucial that users move quickly to update their instances to the latest version.
