Security researchers have found another critical vulnerability in the LiteSpeed Cache plugin for WordPress that could allow malicious actors to take over websites.
Four months after patching an unauthenticated cross-site scripting flaw, the popular optimization plugin was found to be vulnerable to a bug described as an “unauthenticated account takeover vulnerability.” In other words, an unauthenticated malicious visitor could exploit the flaw to gain access to any logged-in user, including administrator accounts. That, you might assume, gives the attacker full access to the website to do whatever they want.
The bug is tracked as CVE-2024-44000 and has a severity score of 7.5. Version 6.4.1 and all versions before that are believed to be vulnerable. A patch has been deployed that brings LiteSpeed Cache to version 6.5.0.1 and users are advised to install it as soon as possible.
Low severity score
Patchstack researchers detailed how the flaw works, saying that LiteSpeed Cache left the debug.log file public, allowing unauthenticated individuals to view sensitive information contained within it. In addition to login credentials, the file contains cookie information, HTTP response headers, and more.
The bug was given a relatively low severity score because WordPress requires debugging to be enabled in order to exploit the bug. It is disabled by default.
“This vulnerability highlights the importance of ensuring the security of the execution of a debug logging process, what data should not be logged, and how the debug log file is managed,” Patchstack said.
LiteSpeed Cache is a plugin for the website builder WordPress that promises faster page load times, better user experience, and improved rankings on the Google search results page. It is designed to improve website performance by reducing page load times, which it achieves by storing static versions of dynamic content. When a user requests a page, LSCache serves the cached version, allowing the server to regenerate the page less often. This results in faster response times and lower server load.
Via The Hacker News