WordPress: Hackers Exploit LiteSpeed Cache Plugin Vulnerability

by | May 8, 2024 | News





Hackers are targeting WordPress sites by exploiting an outdated version of the LiteSpeed Cache plugin to gain administrative privileges. LiteSpeed Cache, a caching plugin that speeds up page loads and improves user experience, has thereby become an attack vector affecting over five million WordPress sites.

WPScan, Automattic’s security team, raised the alarm after observing a substantial uptick in malicious activity during April. Threat actors were scanning for WordPress sites running plugin versions older than 5.7.0.1, which contain a critical unauthenticated cross-site scripting flaw tracked as CVE-2023-40000 and rated high severity.

A single IP address, 94[.]102[.]51[.]144, sent over 1.2 million probing requests, underscoring the scale of the campaign.


Per WPScan’s findings, the attacks inject malicious JavaScript code into critical WordPress files or the database, creating administrator accounts with names such as ‘wpsupp-user’ or ‘wp-configuser.’ Another telltale sign of compromise is the presence of the “eval(atob(Strings.fromCharCode” string within the “litespeed.admin_display.messages” option in the database.

[Image: Malicious JS code creating rogue admin users. Source: WPScan]

While a considerable portion of LiteSpeed Cache users has moved to secure releases, up to 1,835,000 remain on vulnerable versions.

Meanwhile, the onslaught extends beyond LiteSpeed Cache. Wallarm’s recent disclosure highlighted a parallel campaign targeting the “Email Subscribers” plugin, capitalizing on CVE-2024-2876, a critical SQL injection vulnerability.




Despite its comparatively modest user base of 90,000 installations, the plugin’s exploitation underscores hackers’ indiscriminate pursuit of vulnerabilities.

The imperative for WordPress administrators is clear: immediate plugin updates, elimination of redundant components, and vigilant monitoring for suspicious admin activity. In the event of a confirmed breach, a comprehensive cleanup protocol is indispensable, necessitating the eradication of rogue accounts, password resets, and restoration from pristine backups. Vigilance is paramount in the ongoing battle to safeguard WordPress sites from relentless cyber threats.
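
A triage check built from the indicators WPScan lists above, as an added example that is not code from the article or from WPScan. It assumes the inputs were exported with WP-CLI and that access-log lines start with the client IP; the function names and sample data are constructed for illustration.

```python
import re

# Indicators and version boundary exactly as stated in the article.
FIXED_VERSION = (5, 7, 0, 1)  # versions before this are the affected ones
ROGUE_ADMINS = {"wpsupp-user", "wp-configuser"}
OPTION_MARKER = "eval(atob(Strings.fromCharCode"
PROBE_IP = "94.102.51.144"  # written defanged in the article

def parse_version(text):
    """Turn '5.7.0.1' into (5, 7, 0, 1); shorter versions are zero-padded."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(plugin_version, admin_logins, option_value, access_log_lines):
    """Return findings; an empty list means none of the listed indicators matched."""
    # plugin_version: wp plugin get litespeed-cache --field=version
    # admin_logins:   wp user list --role=administrator --field=user_login
    # option_value:   wp option get litespeed.admin_display.messages
    findings = []
    if parse_version(plugin_version) < FIXED_VERSION:
        findings.append(f"litespeed-cache {plugin_version} is older than 5.7.0.1")
    for login in admin_logins:
        if login.strip().lower() in ROGUE_ADMINS:
            findings.append(f"rogue administrator account: {login.strip()}")
    if OPTION_MARKER in (option_value or ""):
        findings.append("injected script marker in litespeed.admin_display.messages")
    # Assumption: common/combined log format, client IP is the first field.
    hits = sum(1 for line in access_log_lines if line.split(" ", 1)[0] == PROBE_IP)
    if hits:
        findings.append(f"{hits} request(s) from probing IP {PROBE_IP}")
    return findings

# Constructed sample data standing in for WP-CLI output and a web access log.
SAMPLE_ADMINS = ["editor-in-chief", "wpsupp-user"]
SAMPLE_OPTION = '["<script>eval(atob(Strings.fromCharCode(...)))</script>"]'
SAMPLE_LOG = [
    '94.102.51.144 - - [20/Apr/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Apr/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in triage("5.6", SAMPLE_ADMINS, SAMPLE_OPTION, SAMPLE_LOG):
        print("[!]", finding)
```

An empty result only means these specific indicators are absent; the article describes the account names as examples, so any unfamiliar administrator account still needs review.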


Source: bleepingcomputer.com
