
Hackers Feast on New LiteSpeed Cache Flaw: Millions of WordPress Sites at Risk

Hackers are exploiting a critical vulnerability in LiteSpeed Cache, a WordPress plugin, to escalate privileges and take over websites. CVE-2024-28000 lets an unauthenticated attacker brute-force a weak security hash, act as an administrator and create rogue admin accounts. With only about 30% of installs updated, millions remain at risk. Update to version 6.4.1…

Hot Take:

Looks like LiteSpeed Cache is the favorite snack for hackers this year. If your website isn’t updated, you might as well roll out the red carpet for cybercriminals!

Key Points:

  • New vulnerability CVE-2024-28000 affects the LiteSpeed Cache plugin up to and including version 6.3.0.1.
  • Allows privilege escalation without authentication: the plugin's user simulation feature trusts a security hash that has only about one million possible values.
  • Over 5 million websites use LiteSpeed Cache; only about 30% are currently on a safe version.
  • Wordfence detected over 48,500 attacks in the last 24 hours.
  • Users are advised to upgrade to version 6.4.1 or uninstall the plugin.

LiteSpeed Cache: The Hacker’s Buffet

In a move that surprises absolutely no one, hackers have already started exploiting a critical vulnerability in the LiteSpeed Cache WordPress plugin, just a day after the technical details were publicized. Tracked as CVE-2024-28000, this vulnerability hands attackers the keys to your website's kingdom: without logging in, they can escalate privileges and create rogue admin accounts faster than you can say "password123."

Weak Hash, Big Problems

The vulnerability is a weak spot in the plugin's hash check, specifically within the user simulation feature (the mechanism the plugin uses to act as a chosen user, for example when its crawler warms the cache). The feature accepts a security hash supplied by the client and, if it matches the stored value, lets the request run as the user the client names. Because that hash can take only about one million possible values, an attacker can simply guess until one matches, pick the administrator account, and create rogue admin users. In plain English, if your LiteSpeed Cache isn't up to date, hackers can hijack your site, install malicious plugins, redirect your traffic to shady sites, and make off with your user data like digital pirates.

Brute Forcing: The Cybercriminal’s Cardio

Rafie Muhammad from Patchstack demonstrated just how easy it is to exploit this flaw. A brute force attack that cycles through all one million possible security hash values at three requests per second needs at most about 3.9 days to exhaust the whole space (1,000,000 guesses at 3 per second is roughly 333,000 seconds), and on average about half that, so an attacker gets site access in a matter of hours to a week. That's quicker than some people respond to emails! Given that only about 30% of the 5 million LiteSpeed Cache users have updated to a safe version, the remaining 70% might as well be sitting ducks.
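To make the two sections above concrete, here is an added Python model of the weakness and of what a fixed check looks like. It is example code written for this article, not code from the LiteSpeed Cache plugin (which is PHP) or from Patchstack. Beyond what the article states, it assumes that the plugin's six-character hash comes from a pseudo-random generator seeded with the microsecond part of the clock (values 0 to 999,999), which is what leaves only about one million possible outputs, and that the check compares a client-supplied cookie to the stored hash and then trusts a client-supplied user id. Names such as `simulate_user`, `role_cookie` and the user table are placeholders of this example.

```python
"""Constructed model of the CVE-2024-28000 weakness and a hardened check.

Added example for this article, not LiteSpeed Cache code. Assumption: the
vulnerable hash is produced by a PRNG seeded from the microsecond part of
the clock, so only HASH_SPACE distinct outputs exist and an attacker who
knows the algorithm enumerates seeds rather than all 36**6 strings.
"""
import hmac
import random
import secrets
import time

HASH_SPACE = 1_000_000                      # article: ~one million possible values
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
ADMIN_ID = 1                                # WordPress user id 1 is normally the first admin


def weak_hash(seed: int) -> str:
    """Assumed vulnerable generator: the seed fully determines the output."""
    rng = random.Random(seed % HASH_SPACE)
    return "".join(rng.choice(ALPHABET) for _ in range(6))


def seed_from_clock() -> int:
    """Microsecond part of the wall clock: the assumed weak seed source."""
    return int(time.time() * 1_000_000) % HASH_SPACE


class VulnerableSite:
    """Stand-in for the user-simulation check before the fix."""

    def __init__(self, seed: int):
        self.stored_hash = weak_hash(seed)      # generated once and kept server-side
        self.users = {ADMIN_ID: "admin", 2: "subscriber"}

    def simulate_user(self, cookie_hash: str, role_cookie: int):
        """Return the user the request would run as, or None if rejected."""
        if cookie_hash == self.stored_hash:     # compare against a guessable value
            return self.users.get(role_cookie)  # then trust the client-chosen user id
        return None


def brute_force(site: VulnerableSite, rate_per_second: float = 3.0):
    """Enumerate every seed until the site accepts a guess as admin.
    Returns (hash, attempts, seconds it would take at the given request rate)."""
    for attempts, seed in enumerate(range(HASH_SPACE), start=1):
        guess = weak_hash(seed)
        if site.simulate_user(guess, ADMIN_ID) == "admin":
            return guess, attempts, attempts / rate_per_second
    return None, HASH_SPACE, HASH_SPACE / rate_per_second


def worst_case_seconds(space: int, rate_per_second: float = 3.0) -> float:
    """Time to exhaust a keyspace at a given request rate."""
    return space / rate_per_second


class HardenedSite:
    """Corrected stand-in: 128-bit token from the OS CSPRNG, bound to one
    user server-side, compared in constant time. The role cookie only
    selects which token to compare against; it can no longer pick a user
    the token was not issued for."""

    def __init__(self):
        self.users = {ADMIN_ID: "admin", 2: "subscriber"}
        self.tokens = {uid: secrets.token_hex(16) for uid in self.users}

    def token_for(self, user_id: int) -> str:
        return self.tokens[user_id]

    def simulate_user(self, cookie_hash: str, role_cookie: int):
        expected = self.tokens.get(role_cookie, "")
        if expected and hmac.compare_digest(cookie_hash, expected):
            return self.users[role_cookie]
        return None


if __name__ == "__main__":
    # A real deployment would have used seed_from_clock(); a small seed keeps the demo fast.
    site = VulnerableSite(seed=4242)
    found, tries, secs = brute_force(site)
    print(f"hash {found} recovered after {tries} guesses (~{secs:.0f}s at 3 req/s)")
    print(f"full space at 3 req/s: {worst_case_seconds(HASH_SPACE) / 86400:.1f} days")
    print(f"128-bit token at 3 req/s: {worst_case_seconds(2**128) / 86400 / 365:.2e} years")
```

The point of the model is that the attacker never has to reverse anything: with a million-value keyspace, guessing wins in days at three requests per second, whereas a 128-bit token from `secrets` puts the same search far beyond any useful time. Binding the token to a user on the server also removes the second half of the bug, where a matching hash let the client name the account to impersonate.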

The Exploit Frenzy

Wordfence, the digital bouncers of the WordPress world, has reported a staggering 48,500 attacks targeting CVE-2024-28000 in just the last 24 hours. That's some serious hustle from the cybercriminal community. Chloe Chamberland from Wordfence warned that this vulnerability would be exploited very soon, and it looks like she was right on the money.

Déjà Vu All Over Again

This isn't LiteSpeed Cache's first rodeo with vulnerabilities this year. Back in May, hackers exploited a stored cross-site scripting flaw (CVE-2023-40000) to create rogue admin accounts and take over websites. It seems like hackers have a soft spot for this plugin, making it essential for users to stay vigilant and keep their plugins updated.

Final Call: Update or Uninstall

The takeaway here is simple: if you're using LiteSpeed Cache, update to version 6.4.1 immediately or consider uninstalling it altogether. Any version up to and including 6.3.0.1 is affected. Leaving your website vulnerable is like leaving your front door wide open with a sign that says "Free Stuff Inside." Don't be that person. Update now and keep the hackers at bay.
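If you look after more than one site, the check above is worth scripting. The following is an added Python example (not code from LiteSpeed, WordPress or this article's sources) that reads the `Version:` field from a plugin's main file header and decides whether it falls in the affected range. The header text embedded below is constructed to mimic the standard WordPress plugin header; on a real install you would read it from the plugin's main PHP file, assumed here to live at the usual `wp-content/plugins/litespeed-cache/litespeed-cache.php` path.

```python
"""Added example: classify an installed LiteSpeed Cache version against
CVE-2024-28000. Not plugin or WordPress code; the sample header below is
constructed for the demo."""
import re
from typing import Optional, Tuple

AFFECTED_MAX = "6.3.0.1"     # article: affected up to and including 6.3.0.1
RECOMMENDED = "6.4.1"        # article: update to 6.4.1

# Constructed sample in the standard WordPress plugin-header format.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.3.0.1
 * Description: constructed sample header for the version check below
 */
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric tuple so that 6.10 sorts above 6.4 (string compare gets this wrong)."""
    return tuple(int(p) for p in v.strip().split("."))


def version_from_header(text: str) -> Optional[str]:
    """Pull the Version: field out of a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", text, re.MULTILINE)
    return m.group(1) if m else None


def assess(version: str) -> str:
    """'vulnerable', 'below recommended' or 'ok' for a given plugin version."""
    v = parse_version(version)
    if v <= parse_version(AFFECTED_MAX):
        return f"vulnerable: update to {RECOMMENDED} or remove the plugin"
    if v < parse_version(RECOMMENDED):
        return f"below recommended {RECOMMENDED}: update"
    return "ok"


if __name__ == "__main__":
    # Real use: text = open("wp-content/plugins/litespeed-cache/litespeed-cache.php").read()
    installed = version_from_header(SAMPLE_HEADER)
    print(installed, "->", assess(installed) if installed else "version header not found")
```

Tuple comparison does the heavy lifting: `(6, 3, 0, 1)` is below `(6, 4)`, and `(6, 4)` is below `(6, 4, 1)`, which is exactly the ordering a naive string comparison breaks once a component reaches two digits.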

And that’s the lowdown on the latest cybersecurity drama. Remember folks, in the world of cybersecurity, staying updated is half the battle won!
