Hackers have already begun to exploit a critical-severity vulnerability in LiteSpeed Cache, a WordPress plugin used to speed up page response times, just one day after the technical details became public.
The security issue is tracked as CVE-2024-28000 and allows unauthenticated privilege escalation in all versions of the WordPress plugin up to 6.3.0.1.
The vulnerability stems from a weak hash check in the plugin's user simulation feature, which attackers can exploit by brute-forcing the hash value to create rogue administrator accounts.
This could lead to a complete takeover of affected websites, allowing the installation of malicious plugins, changes to critical settings, redirection of visitors to malicious sites, and theft of user data.
Patchstack's Rafie Muhammad shared details on how to trigger the hash generation in a post yesterday, showing how to brute-force the hash to escalate privileges and then create a new administrator account via the REST API.
Muhammad's method demonstrated that a brute-force attack cycling through all 1 million possible security hash values at three requests per second can gain site access as any user ID in as little as a few hours and at most about a week.
LiteSpeed Cache is used by over 5 million sites. As of this writing, only about 30% run a safe version of the plugin, leaving an attack surface of millions of vulnerable websites.
WordPress security firm Wordfence reports that it has detected and blocked over 48,500 attacks targeting CVE-2024-28000 over the last 24 hours, a figure that reflects intense exploitation activity.
Wordfence's Chloe Chamberland warned about this scenario yesterday, saying, "We have no doubts that this vulnerability will be actively exploited very soon."
This is the second time this year that hackers have targeted LiteSpeed Cache. In May, attackers used a cross-site scripting flaw (CVE-2023-40000) to create rogue administrator accounts and take over vulnerable websites.
At the time, WPScan reported that threat actors had started scanning for targets in April, with over 1.2 million probes detected from a single malicious IP address.
Users of LiteSpeed Cache are advised to upgrade to the latest available version, 6.4.1, as soon as possible, or to uninstall the plugin from their website.