LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites

LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites

WordPress websites have been under attack lately, with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin, claim Automattic’s security team, WPScan.

As of 2024, there are over 1.89 billion websites on the internet, with around 835 million relying on WordPress as their Content Management System (CMS), constituting approximately 43.3% of the total number of websites worldwide. This makes the CMS a lucrative target for cyber criminals.

According to WPSCan’s blog post, threat actors are exploiting a stored cross-site scripting (XSS) vulnerability in the plugin that allows an unauthenticated user to elevate privileges through specially crafted HTTP requests. LiteSpeed Cache plugin versions older than 5.7.0.1 are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000, and disclosed by Patchstack in February 2024. 

Understanding the Vulnerability

The vulnerability lies in unauthenticated stored XSS (cross-site scripting) within older versions of the plugin. Unauthenticated XSS means an attacker doesn’t need login credentials to inject malicious code.

On the other hand, Stored XSS means the malicious code gets stored on your website’s database, infecting any user who visits the compromised page. Attackers are injecting malicious JavaScript code in WordPress files and database, creating administrator users named ‘wpsupp‑user’ or ‘wp‑configuser,’ by exploiting this flaw.

You can identify malicious URLs and IPs as they generally include (startservicefounds . com/service/f.php, apistartservicefounds. com, and (cachecloudswiftcdn . com), and malware associated IP was tracked as 45.150.67.235.

Critical XSS Vulnerability in LiteSpeed Cache Plugin Affects Over 1.8M WordPress Sites

Potential Dangers

LiteSpeed Cache is a popular plugin, used in over five million WordPress sites for its Google Search ranking-boosting capabilities. The flaw was addressed in October 2023 in version 5.7.0.1 while the latest version, 6.2.0.1, was released on April 25, 2024. However, despite migration to non-vulnerable versions, 1,835,000 users still run vulnerable releases, indicating infection, researchers noted.

Creating admin accounts on WordPress sites can lead to severe consequences, allowing threat actors to gain full control and perform arbitrary actions, such as injecting malware or installing malicious plugins. Exercise Caution!

This development comes after Sucuri revealed a redirect scam campaign called Mal.Metrica, which uses fake CAPTCHA prompts to redirect users to fraudulent sites. 

To secure your WordPress site, update the LiteSpeed Cache plugin to the latest version, scan for malware using a reputable WordPress security scanner, and change all login credentials. WPScan recommends searching for suspicious strings in the litespeed.admin_display.messages option or presence of wpsupp-user.

  1. 5 Best CAPTCHA Plugins for WordPress Websites
  2. WordPress Websites Hacked with New Sign1 Malware
  3. WordPress Websites Being Hacked with Balada Malware
  4. FakeUpdates Malware Targets Millions of WordPress Sites
  5. Zero-Day Exploit Threatens 200,000 WordPress Websites

Source link

One of the best games of all time is included with Netflix on iOS, and just in time for its sequel Previous post One of the best games of all time is included with Netflix on iOS, and just in time for its sequel
Dragon Age: Dreadwolf expected to arrive before spring 2025, per new report and slight hints from Electronic Arts Next post Dragon Age: Dreadwolf expected to arrive before spring 2025, per new report and slight hints from Electronic Arts

Leave a Reply

Your email address will not be published. Required fields are marked *