Cybersecurity researchers have found yet one more vital safety flaw within the LiteSpeed Cache plugin for WordPress that would permit unauthenticated customers to take management of arbitrary accounts.
The vulnerability, tracked as CVE-2024-44000 (CVSS rating: 7.5), impacts variations earlier than and together with 6.4.1. It has been addressed in model 6.5.0.1.
“The plugin suffers from an unauthenticated account takeover vulnerability which allows any unauthenticated visitor to gain authentication access to any logged-in users and at worst can gain access to an Administrator level role after which malicious plugins could be uploaded and installed,” Patchstack researcher Rafie Muhammad mentioned.
The invention follows an in depth safety evaluation of the plugin, which beforehand led to the identification of a vital privilege escalation flaw (CVE-2024-28000, CVSS rating: 9.8). LiteSpeed Cache is a well-liked caching plugin for the WordPress ecosystem with over 5 million energetic installations.
The brand new vulnerability stems from the truth that a debug log file named “/wp-content/debug.log” is publicly uncovered, which makes it doable for unauthenticated attackers to view doubtlessly delicate info contained within the file.
This might additionally embrace person cookie info current inside HTTP response headers, successfully permitting customers to log in to a weak website with any session that’s actively legitimate.
The decrease severity of the flaw is owing to the prerequisite that the debug characteristic should be enabled on a WordPress website for it to achieve success. Alternatively, it may additionally have an effect on websites that had activated the debug log characteristic sooner or later up to now, however have didn’t take away the debug file.
It is vital to notice that this characteristic is disabled by default. The patch addresses the issue by transferring the log file to a devoted folder inside the LiteSpeed plugin folder (“/wp-content/litespeed/debug/”), randomizing filenames, and dropping the choice to log cookies within the file.
Customers are suggested to verify their installations for the presence of the “/wp-content/debug.log” and take steps to purge them if the debugging characteristic has (or had) been enabled.
It is also really helpful to set an .htaccess rule to disclaim direct entry to the log information as malicious actors can nonetheless immediately entry the brand new log file in the event that they know the brand new filename by the use of a trial-and-error methodology.
“This vulnerability highlights the critical importance of ensuring the security of performing a debug log process, what data should not be logged, and how the debug log file is managed,” Muhammad mentioned.
