Beware: hackers can abuse this plugin to gain full control over your WordPress site
An older version of LiteSpeed Cache, a popular WordPress website builder plugin, is vulnerable to a very serious flaw that hackers are increasingly exploiting.
The flaw is described as an unauthenticated stored cross-site scripting vulnerability and is tracked as CVE-2023-40000. It carries a CVSS severity score of 8.8.
By adding malicious JavaScript code directly to WordPress files via the plugin, the attackers can create new administrative accounts, effectively taking over the website completely. Administrator accounts can be used to modify site content, add or remove plugins, or change various settings. Victims may be redirected to malicious websites, shown malicious advertisements, or have their sensitive user data taken.
Scope and solutions
The flaw was discovered by WPScan, a cybersecurity project that maintains an enterprise vulnerability database for WordPress. The researchers noted increased activity from several hacking groups scanning the internet for vulnerable WordPress sites, all of which run LiteSpeed Cache version 5.7.0.1 or older. The current version, 6.2.0.1, is considered immune to this bug.
One threat actor alone made more than a million probing requests in April 2024.
LiteSpeed Cache reportedly has over five million active users, of which nearly two million (1,835,000) still run the outdated, vulnerable variant.
LiteSpeed Cache is a plugin that promises faster page load times, better user experience, and improved rankings on Google search results pages.
Those concerned that they will be targeted are advised to update their plugins to the latest version as soon as possible. Additionally, they should uninstall all plugins and themes that they are not actively using, and delete all suspicious files and folders.
Those who suspect they have already been targeted should look for suspicious strings in the database: “Search (the) database for suspicious strings such as ‘eval(atob(Strings.fromCharCode’),” WPScan said. “Specifically in the option litespeed.admin_display.messages.”
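The database check WPScan describes can be scripted so it runs over an exported copy of the options table instead of being typed by hand. The following is an added example, not code from the article or from WPScan: it assumes the rows were exported with `SELECT option_name, option_value FROM wp_options;` (default `wp_` table prefix) and fed in as `(name, value)` pairs. The literal indicator string and the `litespeed.admin_display.messages` option name come from the article; the broader `eval(atob(` regular expression and the sample rows are constructed for this example.

```python
"""Scan exported wp_options rows for the injection indicators WPScan names.

Added example (not the article's or WPScan's code). Assumes rows exported with
    SELECT option_name, option_value FROM wp_options;
and passed in as (option_name, option_value) pairs.
"""
import re

# Literal indicator quoted in the article (WPScan's guidance).
INDICATOR_LITERAL = "eval(atob(Strings.fromCharCode"

# Broader pattern (an assumption, not from the article): eval() wrapped around
# atob() with optional whitespace, to catch minor spacing variations.
INDICATOR_RE = re.compile(r"eval\s*\(\s*atob\s*\(", re.IGNORECASE)

# The option WPScan singles out; a hit here is rated high severity.
WATCHED_OPTION = "litespeed.admin_display.messages"


def scan_rows(rows):
    """Return one finding per suspicious row.

    rows: iterable of (option_name, option_value) pairs; values may be str or bytes.
    Each finding is a dict with option_name, reason and severity.
    """
    findings = []
    for name, value in rows:
        if value is None:
            continue
        text = value if isinstance(value, str) else value.decode("utf-8", "replace")
        if INDICATOR_LITERAL in text:
            reason = "literal indicator from WPScan guidance"
        elif INDICATOR_RE.search(text):
            reason = "eval(atob( pattern"
        else:
            continue
        severity = "high" if name == WATCHED_OPTION else "medium"
        findings.append({"option_name": name, "reason": reason, "severity": severity})
    return findings


# Constructed sample rows, not data from any real site. The encoded content is
# the harmless string "hello" so the example runs offline with no real payload.
SAMPLE_ROWS = [
    ("siteurl", "https://example.invalid"),
    ("blogdescription", "Just another WordPress site"),
    (WATCHED_OPTION,
     "<script>eval(atob(Strings.fromCharCode(104,101,108,108,111)))</script>"),
    ("some_theme_option", "<script>eval( atob( 'aGVsbG8=' ) )</script>"),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(f"[{finding['severity']}] {finding['option_name']}: {finding['reason']}")
```

On a live site the same value can be pulled with WP-CLI (`wp option get litespeed.admin_display.messages`) and piped into `scan_rows`; a hit in that option is a strong sign the site needs the full cleanup the article describes (update the plugin, remove unused plugins and themes, and audit administrator accounts), not just deletion of the option.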
Via BleepingComputer