A critical vulnerability in the LiteSpeed Cache plugin puts the more than 6 million WordPress sites that run it at risk. The flaw, tracked as CVE-2024-44000, was reported by Patchstack's Rafie Muhammad on August 22, 2024, and the fix shipped yesterday in LiteSpeed Cache version 6.5.0.1.
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks https://t.co/IxxDlh8536 #Security
— The Cyber Security Hub™ (@TheCyberSecHub) September 5, 2024
The flaw is an unauthenticated account takeover rooted in the plugin's debug logging feature, which wrote every HTTP response header, including the Set-Cookie headers that carry WordPress login session cookies, to a plain-text file. That file sat at '/wp-content/debug.log', inside the web root, so anyone who could fetch it could copy an administrator's session cookie into their own browser, be treated as that administrator, and take control of the site without ever knowing a password.
Exploitation requires three conditions to line up: debug logging was switched on while privileged users logged in, no file access restriction (such as an .htaccess rule) blocked web requests for the log file, and the log was not wiped. Because a session cookie stays valid until it expires or the user logs out, entries written weeks earlier can be just as useful to an attacker as fresh ones if the log was never cleared.
To resolve the issue, LiteSpeed Technologies moved the debug logs to a dedicated folder ('/wp-content/litespeed/debug/'), randomized the log filenames, removed the option to log cookies, and added extra protections. Users are strongly urged to delete every existing debug.log file and add .htaccess rules that deny web access to log files. Note that updating the plugin does not revoke sessions that were already captured: if a log was ever reachable from the web, force all users to log in again (rotating the keys and salts in wp-config.php does this) rather than assuming the patch alone closes the door.
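The cleanup described in the two paragraphs above, as an added example written for this page (it is not LiteSpeed's or Cloudways' code). It assumes a standard WordPress layout under the directory you pass as the first argument, an Apache-compatible server that honours .htaccess (LiteSpeed does), and the three cookie names WordPress uses for logins; the debug log contents it is tested against are constructed, not taken from a real site.

```shell
#!/bin/sh
# Added example: triage a LiteSpeed debug log for captured login cookies,
# remove the logs, and deny web access to any log file left under wp-content.
# Assumes $1 is the WordPress root (the directory containing wp-content/).
set -eu

# WordPress login cookies are named wordpress_<hash>, wordpress_sec_<hash> and
# wordpress_logged_in_<hash>, where <hash> is a 32-character hex digest.
AUTH_COOKIE_RE='Set-Cookie:[[:space:]]*wordpress_(sec_|logged_in_)?[a-f0-9]{32}='

# 1. Triage: count the login cookies a debug log captured. Anything above zero
#    means the sessions of the users who logged in during that period were
#    exposed and should be invalidated (rotate the salts in wp-config.php).
count_leaked_auth_cookies() {
    grep -Eic "$AUTH_COOKIE_RE" "$1" || true
}

# 2. Locate every debug log: the old fixed path and the new randomised
#    filenames under litespeed/debug/.
list_debug_logs() {
    find "$1/wp-content" -type f \
        \( -name 'debug.log' -o -path '*/litespeed/debug/*.log' \) 2>/dev/null
}

# 3. Delete them, as the vendor recommends.
delete_debug_logs() {
    list_debug_logs "$1" | while IFS= read -r f; do rm -f "$f"; done
}

# 4. Deny web access to any .log file under wp-content. The rule is appended
#    once (an existing .htaccess is kept, and a second run is a no-op).
write_htaccess_rule() {
    ht="$1/wp-content/.htaccess"
    if [ -f "$ht" ] && grep -q 'CVE-2024-44000' "$ht"; then
        return 0
    fi
    cat >> "$ht" <<'EOF'
# Block direct web access to log files (added after CVE-2024-44000)
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>
EOF
}

# 5. Optional remote check (needs network, not run here): the HTTP status for
#    the old log path. 200 means the file is world-readable; expect 403 or 404.
probe_debug_log_url() {
    curl -s -o /dev/null -w '%{http_code}' "$1/wp-content/debug.log"
}

# Usage: sh harden_ls_debug.sh /var/www/html
if [ -n "${1:-}" ]; then
    list_debug_logs "$1" | while IFS= read -r f; do
        echo "$f: $(count_leaked_auth_cookies "$f") login cookie(s) captured"
    done
    delete_debug_logs "$1"
    write_htaccess_rule "$1"
fi
```

Run the triage step before deleting anything: the count tells you whether sessions need to be revoked, and deleting the log first destroys that evidence.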
Despite the patch release, over 5.6 million sites may still be running a vulnerable version. WordPress.org reported that 375,000 users downloaded the updated plugin yesterday, but millions have not. Only sites that had debug logging enabled while users were logged in are actually exploitable, yet that cannot be judged from the outside, so every unpatched site should be treated as exposed.
LiteSpeed Cache has had several security issues recently. In May 2024, attackers exploited an unauthenticated cross-site scripting flaw (CVE-2023-40000), and in August 2024 an unauthenticated privilege escalation vulnerability (CVE-2024-28000) triggered large-scale attacks.
As threat actors keep targeting outdated versions of the plugin, updating LiteSpeed Cache promptly, removing old debug logs, and blocking web access to log files are the concrete steps that keep a WordPress site out of the takeover pool.
Sandhya Goswami
Sandhya is a contributing author at Cloudways, specializing in content promotion and performance analysis. With a strong analytical approach and a keen ability to leverage data-driven insights, Sandhya excels in measuring the success of organic marketing initiatives.