Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000).
🔹 WordPress is a popular open source CMS (835 million websites) that supports third-party plugins.
🔹 LiteSpeed Cache is one such plugin. It increases the loading speed of website pages by caching them. The free version is used on 5 million websites.
On August 13, a critical vulnerability in this plugin was disclosed. A remote unauthenticated attacker can obtain administrator rights. 😱 According to the write-up, the attacker brute-forces the hash used for authentication. This hash is generated insecurely, so it has only about a million possible values. At 3 requests per second to the website, brute-forcing the hash and obtaining admin rights takes from several hours to a week.
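To make the numbers in that paragraph concrete from the defender's side, here is an added example (not code from the original post and not the plugin's own code). It computes how long a keyspace of a million values survives at a given request rate, contrasts it with the keyspace of a token drawn from a cryptographically secure generator, and runs a simple per-IP burst check over constructed access-log lines. The endpoint path `/wp-json/example-plugin/v1/check` and the threshold of 60 requests per minute are assumptions chosen for the illustration, not values from the write-up.

```python
import re
import secrets
from collections import Counter

# Figure from the write-up: the insecurely generated hash has roughly a million possible values.
WEAK_KEYSPACE = 1_000_000
# A 16-byte token from a CSPRNG, used here as the hardened comparison (assumption, not the plugin's code).
SECURE_TOKEN_BYTES = 16


def brute_force_seconds(keyspace, requests_per_second, fraction=1.0):
    """Time to enumerate `fraction` of the keyspace at the given request rate.

    fraction=1.0 is the worst case (every value tried); 0.5 is the average case.
    """
    return keyspace * fraction / requests_per_second


def secure_token(nbytes=SECURE_TOKEN_BYTES):
    """Hardened generator: nbytes of OS-level randomness, returned as hex."""
    return secrets.token_hex(nbytes)


def secure_token_keyspace(nbytes=SECURE_TOKEN_BYTES):
    """Number of possible values for a token of nbytes random bytes."""
    return 256 ** nbytes


# Apache/Nginx combined log format; captures client IP, timestamp, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["minute"] = rec["ts"][:17]  # "13/Aug/2024:10:00:05 +0000" -> "13/Aug/2024:10:00"
    return rec


def flag_bursts(lines, path_pattern, threshold):
    """Return the client IPs that hit paths matching `path_pattern` at least
    `threshold` times within any single minute. A hash brute-force at the
    rate described in the write-up shows up as exactly such a sustained burst."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and re.search(path_pattern, rec["path"]):
            counts[(rec["ip"], rec["minute"])] += 1
    return sorted({ip for (ip, _), n in counts.items() if n >= threshold})


# Constructed sample log: one client making 3 requests/second for a full minute
# against a placeholder plugin endpoint, plus a normal visitor for contrast.
SAMPLE_LOG = [
    f'203.0.113.5 - - [13/Aug/2024:10:00:{s:02d} +0000] '
    f'"GET /wp-json/example-plugin/v1/check HTTP/1.1" 403 12 "-" "curl/8.0"'
    for s in range(60)
    for _ in range(3)
] + [
    '198.51.100.7 - - [13/Aug/2024:10:00:05 +0000] '
    '"GET /wp-json/example-plugin/v1/check HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Aug/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    worst = brute_force_seconds(WEAK_KEYSPACE, 3)
    print(f"million-value keyspace at 3 req/s: worst case {worst / 3600:.1f} h, "
          f"average {brute_force_seconds(WEAK_KEYSPACE, 3, 0.5) / 3600:.1f} h")
    print(f"{SECURE_TOKEN_BYTES}-byte CSPRNG token keyspace: 2^{SECURE_TOKEN_BYTES * 8}, e.g. {secure_token()}")
    print("IPs with >= 60 plugin-endpoint requests in one minute:",
          flag_bursts(SAMPLE_LOG, r"^/wp-json/", 60))
```

The arithmetic reproduces the write-up's estimate: a million values at 3 requests per second is about 93 hours in the worst case and roughly half that on average, which is why the same rate against a 128-bit token is not a practical concern. The burst check is intentionally generic; the threshold should be tuned to the site's normal traffic to the plugin's REST and AJAX paths.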
👾 The PoC is available on GitHub and attackers are already actively exploiting the vulnerability.
Update to version 6.4.1 or later.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus, which is now the first place I post.