A critical vulnerability in the LiteSpeed Cache WordPress plugin has left over 6 million websites exposed to potential attacks. It was recently discovered that this can cause unauthenticated account takeovers of entire WordPress websites. It is even more concerning that you can’t simply update to the plugin’s latest version and think the issue is resolved. You have to take some more steps to ensure the issue is resolved.

What Does LiteSpeed Cache Plugin Do?

The LiteSpeed Cache Plugin is one of WordPress’s most widely used performance optimization plugins, with over 6 million active installations. We used to recommend this plugin to our clients for faster page load times and improved overall performance. We identified that this plugin not only caches data but also implements additional performance-boosting measures, such as:

• CSS and JavaScript Minification
• Inline CSS
• Advanced Image Optimization

However, this latest vulnerability has opened up a debate about whether a custom solution for speed optimization is a far more secure and safe choice. It costs more, but you would never have to worry about something like this.

Unauthenticated Privilege Escalation Vulnerability

The newly identified vulnerability is classified as an unauthenticated privilege escalation. This type of vulnerability is particularly dangerous because it allows hackers to gain administrative control of a website without needing to log in. In contrast to an authenticated vulnerability, which requires the attacker to first gain some level of access, an unauthenticated vulnerability offers a more direct path for exploitation.

The primary cause of this vulnerability is a flaw in the plugin’s handling of the debug log feature. When the debug log is enabled, certain sensitive data is logged into the /wp-content/debug.logfile. If the log is not properly purged after use, this data could potentially be exposed, leading to privilege escalation and, ultimately a site takeover.

What Conditions Do The Hackers Exploit?

Two key conditions must be present for the vulnerability to be exploited:

1. The LiteSpeed Cache plugin must have its debug log feature activated at least once.
2. The debug log file (/wp-content/debug.log) must remain on the server without being purged or removed.

This vulnerability, while serious, only becomes exploitable under these specific circumstances. However, given the widespread use of LiteSpeed Cache, even this limited scope could potentially put millions of websites at risk.

Primotech Recommendation

We strongly recommend you to update to the latest version 6.5.0.1. However, updating alone might not be sufficient. We also recommend to debug logs created by the plugin and manually purge them.

If you are unfamiliar with purging debug logs, you can reach out to us for professional help. We specialize in WordPress development and maintenance and our team of experts can assist in both updating plugins and securing your site from future vulnerabilities.

Keep Up to Date With The Latest Vulnerability News

WordPress plugin vulnerabilities have been on the rise, with security researchers discovering over 500 vulnerabilities in 2023 alone. The increasing complexity of plugins and the diverse range of functions they perform has created more opportunities for security flaws. In this case, the LiteSpeed Cache vulnerability underscores the importance of routine

WordPress updates and site maintenance.

According to Sucuri’s 2023 Hacked Website Report, 90% of hacked CMS-based sites were running outdated versions of plugins or themes. This statistic highlights the critical need for site administrators to regularly update their WordPress installations, plugins, and themes.

The LiteSpeed Cache vulnerability serves as a reminder of the ever-present risks associated with third-party plugins. Even highly trusted plugins with millions of active installations can fall victim to security flaws, which is why proactive measures are crucial.

If you’re a LiteSpeed Cache user, updating to the latest version and manually purging your debug logs is essential. For added peace of mind and to prevent future vulnerabilities, please get your WordPress site audited by Primotech, and get a consultation on how our customized

WordPress development and maintenance services can future proof your WordPress site from any vulnerabilities. We strongly focus on site optimization and security – reach out to us for more information.