Critical Security Flaw Discovered in LiteSpeed Cache Plugin for WordPress
Security researchers have identified a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress that allows unauthenticated attackers to take over arbitrary accounts. The flaw, tracked as CVE-2024-44000 and carrying a CVSS score of 7.5, affects all versions up to and including 6.4.1 and is fixed in version 6.5.0.1.
According to Patchstack researcher Rafie Muhammad, the vulnerability lets an unauthenticated visitor hijack the session of any logged-in user. In the worst case that user is an Administrator, which gives the attacker full control of the site, including the ability to install malicious plugins. Such access puts both site integrity and user data at risk.
The discovery follows the earlier disclosure of another critical issue in the same plugin, CVE-2024-28000, which carries a CVSS score of 9.8. LiteSpeed Cache has more than five million active installations, which makes it an attractive target.
The new vulnerability stems from the exposure of the plugin's debug log at "/wp-content/debug.log". When the plugin's debug option is enabled, it writes request details, including the HTTP Cookie header, to that file, and because the file sits under wp-content it is reachable over plain HTTP. An attacker who downloads the log can lift an active session cookie from it, set that cookie in their own browser and be treated by the site as the victim user, with no password required.
The impact is limited by one precondition: the plugin's debug feature must be, or must once have been, enabled. Sites that turned debugging on in the past and never deleted the log file are still exposed, because the cookies recorded then remain on disk. The debug option is off by default. The patch moves the log into a dedicated folder inside the plugin's directory, obfuscates the log file name so it cannot be guessed, and stops logging cookies altogether.
Site owners are therefore encouraged to check their installations for a "/wp-content/debug.log" file and delete it if debugging was ever enabled, in addition to updating the plugin. Administrators should also add an .htaccess rule that blocks direct HTTP access to log files, because an attacker who learns the new file name, or guesses it by trial and error, could otherwise still fetch the relocated log.
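The check and the hardening step above, as an added example that is not code from the article, Patchstack or the LiteSpeed project: a small bash script that looks for an exposed debug log under a WordPress root, counts the lines in it that carry cookie material, removes it, and appends an Apache 2.4 deny rule for `*.log` files to `wp-content/.htaccess`. The sample log lines are constructed for the demo and do not reproduce the plugin's real log format; the site root path is a temporary directory created by the script.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress install for an exposed LiteSpeed debug log.
# Not the plugin's own code. Sample log content below is constructed.
set -u

# Return 0 if wp-content/debug.log exists under the given site root, 1 otherwise.
debug_log_present() {
  [ -f "$1/wp-content/debug.log" ]
}

# Print the number of log lines that carry an HTTP Cookie header or a
# WordPress login cookie name (the material an attacker would replay).
cookie_lines_in_log() {
  local log="$1/wp-content/debug.log"
  [ -f "$log" ] || { echo 0; return; }
  grep -Eic 'cookie:|wordpress_logged_in_' "$log" || true
}

# Delete the exposed log so previously recorded cookies are no longer retrievable.
remove_debug_log() {
  rm -f "$1/wp-content/debug.log"
}

# Append a rule to wp-content/.htaccess that denies direct HTTP access to any
# *.log file (Apache 2.4 syntax). Idempotent: skips if the rule is already there.
write_log_deny_rule() {
  local ht="$1/wp-content/.htaccess"
  if [ -f "$ht" ] && grep -q 'FilesMatch "\\.log\$"' "$ht"; then
    return 0
  fi
  cat >> "$ht" <<'EOF'
# Block direct HTTP access to any log file under wp-content
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>
EOF
}

# Build a throwaway site root with a constructed debug.log for the demo.
make_sample_site() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/wp-content"
  cat > "$root/wp-content/debug.log" <<'EOF'
[constructed] GET /wp-admin/ HTTP/1.1
[constructed]   Cookie: wordpress_logged_in_abc=admin%7C1726300000%7Cdeadbeef
[constructed] ---
EOF
  printf '%s\n' "$root"
}

# Demo run (only when executed directly, not when sourced).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  site="$(make_sample_site)"
  if debug_log_present "$site"; then
    echo "debug.log found; lines with cookie material: $(cookie_lines_in_log "$site")"
    remove_debug_log "$site"
  fi
  write_log_deny_rule "$site"
  cat "$site/wp-content/.htaccess"
  rm -rf "$site"
fi
```

Run it against a real install by replacing the sample root with the site's document root; the deny rule only takes effect when `AllowOverride` permits `.htaccess` files in that directory, so verify afterwards with a direct request to the log URL that the server returns 403 rather than the file.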
The incident underscores the importance of handling debug logs as sensitive data. Muhammad stressed the need to decide deliberately what information is logged and how those logs are protected from the public.
For business owners, the practical lesson is that a disabled-by-default diagnostic feature can still become an account-takeover path once it is switched on. In MITRE ATT&CK terms, an attack of this kind pairs Steal Web Session Cookie (T1539) with Use Alternate Authentication Material: Web Session Cookie (T1550.004), and an Administrator session then serves as both initial access and privilege escalation. Keeping plugins updated and removing stale debug artifacts are the essential mitigations.