Application security, Vulnerability Management, Patch/Configuration Management

Widespread WordPress site takeovers likely with critical LiteSpeed Cache bug

Today’s columnist, Sebastian Gierlinger of Storyblok, offers nine tips for integrating a content management system with an ecommerce platform. (Credit: Getty Images Stock Photo)

More than six million WordPress sites could be hijacked in attacks exploiting the recently patched critical unauthenticated account takeover vulnerability in the LiteSpeed Cache plugin, tracked as CVE-2024-44000, BleepingComputer reports.

Exploitation of the flaw, which stems from LiteSpeed Cache's debug logging functionality, could be conducted by attackers with '/wp-content/debug.log' file access to exfiltrate users' session cookies, spoof admin users, and takeover websites. Aside from removing all 'debug.log' files that contain at-risk session cookies, admins of WordPress sites using the plugin have been urged to establish an '.htaccess' rule to prevent direct log file access. Such a development comes amid recent targeting of vulnerable LiteSpeed Cache instances, with the critical unauthenticated privilege escalation bug, tracked as CVE-2024-28000, reported to have been exploited by several threat actors hours after its disclosure two weeks ago. Attackers have also launched attacks aimed at compromising sites with LiteSpeed Cache implementations impacted by the unauthenticated cross-site scripting flaw, tracked as CVE-2023-40000, in May.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds