
LiteSpeed Cache Bug Exposes 6 Million WordPress Sites to Takeover Attacks

Updated on September 6, 2024


A critical vulnerability has been found in the LiteSpeed Cache plugin, affecting over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024, and a fix was released yesterday with LiteSpeed Cache version 6.5.0.1.


This unauthenticated account takeover issue is tied to the plugin’s debug logging feature, which writes all HTTP response headers, including “Set-Cookie” headers, to a file. Those headers carry the session cookies WordPress uses to authenticate users, so if an attacker gains access to the debug log file (located at ‘/wp-content/debug.log’), they could impersonate an admin user and take control of the site.

The attack can occur if the debug feature was active while users were logged in, and no file access restrictions (such as .htaccess rules) were applied. If logs were not wiped regularly, even older session cookies could be compromised.

To resolve the issue, LiteSpeed Technologies moved the debug logs to a dedicated folder (‘/wp-content/litespeed/debug/’), randomized log filenames, removed the option to log cookies, and added extra protections. Users are strongly urged to delete all debug.log files and implement .htaccess rules to prevent future access.
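As an added example (not part of this article, and not LiteSpeed's own code), the following POSIX shell script checks a wp-content tree for a debug.log that captured Set-Cookie headers and appends the access-denial rule the article recommends. It assumes a server that honors .htaccess with Apache 2.4-style `Require` directives; the wp-content tree and log lines it creates are constructed for the demo.

```shell
#!/bin/sh
# Added example: detect cookie leakage in a WordPress debug.log and
# block direct HTTP access to log files. Paths follow the article;
# the sample log content below is constructed, not a real capture.

# Count log lines that recorded a Set-Cookie header. A non-zero count
# means session cookies were written to disk and should be treated as
# exposed (rotate them by logging users out / changing salts).
count_leaked_cookies() {
    log="$1"
    [ -f "$log" ] || { echo 0; return 0; }
    grep -ci 'set-cookie' "$log" || true
}

# Append a rule denying web access to debug.log and any *.log file in
# the directory. In a real install, merge this into the existing
# .htaccess rather than assuming the file is empty.
write_deny_rule() {
    dir="$1"
    cat >> "$dir/.htaccess" <<'EOF'
# Deny web access to WordPress debug logs (mitigation for CVE-2024-44000)
<Files "debug.log">
    Require all denied
</Files>
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>
EOF
}

# --- demo on a constructed wp-content tree (not a real site) ---
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/wp-content"
cat > "$demo_root/wp-content/debug.log" <<'EOF'
[01/Sep/2024 10:00:01] [Response headers] Content-Type: text/html
[01/Sep/2024 10:00:01] [Response headers] Set-Cookie: wordpress_logged_in_CONSTRUCTED=admin%7CCONSTRUCTED_TOKEN; path=/; HttpOnly
[01/Sep/2024 10:00:02] [Response headers] Cache-Control: no-cache
[01/Sep/2024 10:00:02] [Response headers] Set-Cookie: wordpress_sec_CONSTRUCTED=admin%7CCONSTRUCTED_TOKEN; path=/wp-admin; secure
EOF

leaked=$(count_leaked_cookies "$demo_root/wp-content/debug.log")
echo "Set-Cookie lines found in debug.log: $leaked"
write_deny_rule "$demo_root/wp-content"
echo "Deny rule written to $demo_root/wp-content/.htaccess"
```

Run it against a real install by pointing `count_leaked_cookies` at `/wp-content/debug.log` and `write_deny_rule` at the wp-content directory; a count above zero means the log must be deleted and the affected sessions invalidated.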

Despite the patch release, over 5.6 million sites may still be vulnerable. WordPress.org reported that 375,000 users downloaded the updated plugin yesterday, but millions remain at risk.

LiteSpeed Cache has faced several security issues recently. In May 2024, hackers exploited an unauthenticated cross-site scripting flaw (CVE-2023-40000), and in August 2024, another unauthenticated privilege escalation vulnerability (CVE-2024-28000) led to massive attacks.

As threat actors continue to target outdated versions of the plugin, updating and securing your WordPress site is critical to avoiding takeover attempts.

Keeping your plugins updated is essential to protecting your site from these critical vulnerabilities.

Sandhya Goswami

Sandhya is a contributing author at Cloudways, specializing in content promotion and performance analysis. With a strong analytical approach and a keen ability to leverage data-driven insights, Sandhya excels in measuring the success of organic marketing initiatives.
