Vital Safety Flaw Present in LiteSpeed Cache Plugin for WordPress


Sep 06, 2024Ravie LakshmananWordPress / Webinar Safety

Cybersecurity researchers have found one more vital safety flaw within the LiteSpeed Cache plugin for WordPress that might permit unauthenticated customers to take management of arbitrary accounts.

The vulnerability, tracked as CVE-2024-44000 (CVSS rating: 7.5), impacts variations earlier than and together with 6.4.1. It has been addressed in model 6.5.0.1.

“The plugin suffers from an unauthenticated account takeover vulnerability which permits any unauthenticated customer to realize authentication entry to any logged-in customers and at worst can achieve entry to an Administrator degree position after which malicious plugins could possibly be uploaded and put in,” Patchstack researcher Rafie Muhammad said.

Cybersecurity

The invention follows an intensive safety evaluation of the plugin, which beforehand led to the identification of a vital privilege escalation flaw (CVE-2024-28000, CVSS rating: 9.8). LiteSpeed Cache is a well-liked caching plugin for the WordPress ecosystem with over 5 million energetic installations.

The brand new vulnerability stems from the truth that a debug log file named “/wp-content/debug.log” is publicly uncovered, which makes it potential for unauthenticated attackers to view probably delicate data contained within the file.

This might additionally embody consumer cookie data current inside HTTP response headers, successfully permitting customers to log in to a susceptible web site with any session that’s actively legitimate.

The decrease severity of the flaw is owing to the prerequisite that the debug characteristic have to be enabled on a WordPress web site for it to achieve success. Alternatively, it may additionally have an effect on websites that had activated the debug log characteristic in some unspecified time in the future up to now, however have didn’t take away the debug file.

It is essential to notice that this characteristic is disabled by default. The patch addresses the issue by shifting the log file to a devoted folder throughout the LiteSpeed plugin folder (“/wp-content/litespeed/debug/”), randomizing filenames, and dropping the choice to log cookies within the file.

Cybersecurity

Customers are suggested to examine their installations for the presence of the “/wp-content/debug.log” and take steps to purge them if the debugging characteristic has (or had) been enabled.

It is also beneficial to set an .htaccess rule to disclaim direct entry to the log recordsdata as malicious actors can nonetheless immediately entry the brand new log file in the event that they know the brand new filename by the use of a trial-and-error methodology.

“This vulnerability highlights the vital significance of guaranteeing the safety of performing a debug log course of, what information shouldn’t be logged, and the way the debug log file is managed,” Muhammad mentioned.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *