Significant Security Vulnerability Found in LiteSpeed Cache Plugin for WordPress
Cybersecurity researchers have discovered another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.
The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), affects versions up to 6.4.1 and has been fixed in version 6.5.0.1.
“The add-on is afflicted by an unauthorized account commandeering loophole permitting any unauthenticated visitor to obtain authentication privileges of any logged-in users, and at the worst, can gain entry to an Administrator-level position; thereafter, corrupt plugins could be uploaded and executed,” Patchstack researcher Rafie Muhammad said.
The discovery follows a comprehensive security analysis of the plugin, which previously led to the identification of a significant privilege escalation flaw (CVE-2024-28000, CVSS score: 9.8). LiteSpeed Cache is a popular caching plugin for the WordPress ecosystem with more than 5 million active installations.
The new vulnerability stems from the fact that a debug log file named “/wp-content/debug.log” is publicly exposed, which makes it possible for unauthenticated attackers to view potentially sensitive information stored in the file.
This could also include user cookie information present within HTTP response headers, allowing users to log in to a vulnerable site with any session that is currently valid.
The lower severity of the flaw is due to the prerequisite that the debug feature must be enabled on a WordPress site for it to be successful. Alternatively, it could also affect sites that had enabled the debug log feature at some point in the past but have failed to remove the debug file.
The feature is disabled by default. The patch addresses the problem by moving the log file to a dedicated folder within the LiteSpeed plugin folder (“/wp-content/litespeed/debug/”), randomizing filenames, and dropping the option to log cookies in the file.

Users are advised to check their installations for the presence of “/wp-content/debug.log” and to purge the file if the debugging feature has (or had) been enabled.
It is also recommended to set an .htaccess rule to deny direct access to the log files, as malicious actors can still directly reach the new log file if they learn the new filename through a trial-and-error approach.
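The check and cleanup described above can be scripted per site. The following is an added example, not code from Patchstack or the LiteSpeed project: the function names and result strings are hypothetical, and it assumes the web server honours Apache 2.4 access-control syntax in .htaccess files.

```shell
#!/bin/sh
# Added example: audit/remediation helper for the legacy LiteSpeed debug log.
# Paths come from the article; the result strings are this example's own.

# Count log lines that carry session-cookie material.
count_cookie_lines() {
    # WordPress auth cookies are named wordpress_logged_in_<hash> / wordpress_sec_<hash>
    grep -Eic 'set-cookie:|wordpress_(logged_in|sec)_' "$1" 2>/dev/null || true
}

# Print "clean", "exposed-log", or "exposed-cookies:<n>" for one WordPress root.
audit_debug_log() {
    log="$1/wp-content/debug.log"
    if [ ! -f "$log" ]; then
        echo "clean"
        return 0
    fi
    hits=$(count_cookie_lines "$log")
    if [ "${hits:-0}" -gt 0 ]; then
        echo "exposed-cookies:$hits"
    else
        echo "exposed-log"
    fi
}

# Purge the legacy log and deny direct HTTP access to the new log directory.
remediate() {
    log="$1/wp-content/debug.log"
    dbg="$1/wp-content/litespeed/debug"
    if [ -f "$log" ]; then
        rm -f -- "$log"
    fi
    if [ -d "$dbg" ]; then
        # Assumption: the server honours Apache 2.4 access-control syntax in .htaccess
        printf '%s\n' '# Deny direct access to LiteSpeed debug logs' \
            'Require all denied' > "$dbg/.htaccess"
    fi
    return 0
}

# Usage: sh audit.sh /var/www/html   (path is a placeholder)
if [ -n "${1:-}" ]; then
    audit_debug_log "$1"
fi
```

Deleting the file does not expire session cookies that were already written to it while it was publicly readable.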
“This deficiency underscores the pivotal importance of ensuring the protection of executing a debug log process, what data should not be logged, and how the debug log document is managed,” Muhammad emphasized.

