Urgent: LiteSpeed Cache Bug Puts 6 million WordPress Sites at Risk of Takeover Attacks. Here is everything to know.

A critical vulnerability has been discovered in the LiteSpeed Cache plugin, affecting over 6 million WordPress sites. This bug, identified as CVE-2024-44000, poses a severe threat by allowing attackers to hijack user sessions and gain administrative access.

The Vulnerability

The LiteSpeed Cache plugin, known for its robust caching and site optimization features, suffers from an unauthenticated account takeover flaw. This vulnerability stems from an issue within the plugin’s debug log feature. When users log in, the debug log inadvertently leaks HTTP response headers, including sensitive “Set-Cookie” headers. If the debug log feature is enabled or has been previously activated, attackers can exploit this leak to hijack user sessions.

How the Attack Works

Attackers can gain access to logged-in accounts, including those with administrator privileges. Once they have administrative access, they can upload and install malicious plugins, taking complete control over the compromised site. The root of the vulnerability lies in the plugin’s ended function, which calls the self::debug() function with headers_list() data as its parameter. This function compiles all HTTP response headers, including the “Set-Cookie” header, and writes them into the debug log file.

Conditions for Exploitation

For this vulnerability to be exploited, two conditions must be met:

1. The debug log feature must be active or have been activated in the past without the log file being purged.
2. The attacker must be able to access the /wp-content/debug.log file, which retains the leaked cookies.

Response and Mitigation

In response to this critical vulnerability, the LiteSpeed team released a patch in version 6.5.0.1 of the plugin. The patch addresses the core issues, but additional recommendations were made to enhance the security of affected sites. These include implementing proper .htaccess rules to deny direct access to the new log files, as the current rules are insufficient to fully block access.

Recommendations for Users

Users of the LiteSpeed Cache plugin should immediately update to the latest version to mitigate the risk. Additionally, they should review their site’s security settings and ensure that the debug log feature is disabled unless absolutely necessary. Regularly purging log files and implementing strict access controls can further protect against potential attacks.

Conclusion

The discovery of this vulnerability highlights the importance of regular updates and vigilant security practices for WordPress site administrators. By staying informed and proactive, users can protect their sites from such critical threats and maintain a secure online presence.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it