
LiteSpeed Cache Plugin Vulnerability Exposes WordPress Admin Access

Vlad CONSTANTINESCU

November 01, 2024


Popular WordPress plugin LiteSpeed Cache has been recently patched against a significant security flaw that would enable attackers to take over vulnerable websites.

The flaw, tracked as CVE-2024-50550, involves a privilege elevation issue that could allow unauthenticated users to gain admin access to WordPress websites.

Discovery and Impact of CVE-2024-50550

A Taiwanese researcher identified the flaw and reported it to WordPress security firm Patchstack on September 23. The issue stems from a weak hash check in LiteSpeed Cache’s “role simulation” feature, designed to help website crawlers simulate different user levels to optimize content delivery.

The function is_role_simulation() relied on litespeed_hash and litespeed_flash_hash, two hash values stored in cookies. However, the hashes were generated with insufficient randomness, making them predictable and therefore susceptible to brute-force guessing.
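The weakness described above is a matter of token entropy and of how the check is performed. The following is an added illustration, not the plugin's code: a low-entropy token stands in for the predictable pre-6.5.2 hash, a 256-bit token from the OS CSPRNG stands in for the fix, and a role-simulation gate modelled loosely on the page's is_role_simulation() validates the cookie with a constant-time comparison and a failed-attempt limiter. The cookie name litespeed_hash is from the page; the functions, the minimum-entropy threshold and the limiter are assumptions made for the example.

```python
import hmac
import math
import secrets
import string

COOKIE_NAME = "litespeed_hash"  # cookie name as given in the article

# Constructed low-entropy token: six decimal digits, i.e. only 10**6 possible
# values. This stands in for an under-random hash and is NOT the plugin's code.
WEAK_ALPHABET = string.digits
WEAK_LENGTH = 6


def weak_token() -> str:
    """Token drawn from a tiny keyspace; trivially guessable regardless of the RNG."""
    return "".join(secrets.choice(WEAK_ALPHABET) for _ in range(WEAK_LENGTH))


def strong_token(nbytes: int = 32) -> str:
    """Token with nbytes of OS-CSPRNG randomness (32 bytes = 256 bits), hex-encoded."""
    return secrets.token_hex(nbytes)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly chosen token: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def classify(bits: float, minimum_bits: float = 128) -> str:
    """Assumed policy threshold: anything under 128 bits is treated as weak."""
    return "ok" if bits >= minimum_bits else "weak"


def check_token(presented: str, expected: str) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(presented.encode(), expected.encode())


class AttemptLimiter:
    """Hypothetical per-client counter that refuses further checks after max_failures."""

    def __init__(self, max_failures: int = 5):
        self.max_failures = max_failures
        self.failures: dict[str, int] = {}

    def allowed(self, client: str) -> bool:
        return self.failures.get(client, 0) < self.max_failures

    def record_failure(self, client: str) -> None:
        self.failures[client] = self.failures.get(client, 0) + 1


def is_role_simulation(cookies: dict, expected_hash: str, client: str,
                       limiter: AttemptLimiter) -> bool:
    """Hypothetical gate: grant simulated-role behaviour only on a matching cookie.

    Returns False when the cookie is absent, the client is locked out, or the
    value does not match; a mismatch counts against the client's allowance.
    """
    if not limiter.allowed(client):
        return False
    presented = cookies.get(COOKIE_NAME)
    if presented is None:
        return False
    if check_token(presented, expected_hash):
        return True
    limiter.record_failure(client)
    return False


if __name__ == "__main__":
    print("weak keyspace bits :", round(keyspace_bits(len(WEAK_ALPHABET), WEAK_LENGTH), 2),
          classify(keyspace_bits(len(WEAK_ALPHABET), WEAK_LENGTH)))
    print("strong keyspace bits:", keyspace_bits(16, 64), classify(keyspace_bits(16, 64)))
    token = strong_token()
    lim = AttemptLimiter()
    print("valid cookie accepted:", is_role_simulation({COOKIE_NAME: token}, token, "c1", lim))
    print("wrong cookie rejected:", is_role_simulation({COOKIE_NAME: "0" * 64}, token, "c1", lim))
```

The keyspace figures are the point: a six-digit token has under 20 bits of entropy, so its entire space can be enumerated quickly, while 256 bits from a CSPRNG cannot, which is the property version 6.5.2 restored by increasing the hash randomness. The limiter and constant-time compare are defence-in-depth on top of that, not substitutes for it.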

Company Released Patched Version of Vulnerable Plugin

Although the vulnerability has since been patched, its severity should not be underestimated, as it allowed threat actors to impersonate administrators by exploiting the vulnerable hashes.

After gaining admin privileges, perpetrators could potentially deploy malicious plugins, alter website content, access backend databases, or deploy backdoors for persistence.

The severity of the vulnerability is compounded by the plugin's reach: it is installed on approximately six million WordPress websites.

Timeline of Events and Threat Response

After the flaw was discovered, Patchstack alerted LiteSpeed Technologies, the company behind the affected plugin. By October 10, developers created a Proof-of-Concept (PoC) exploit and shared it with LiteSpeed to help them address the issue.

A week later, the company released a patched version (6.5.2) of the affected plugin that enhanced the randomness of the vulnerable hashes, thus addressing the issue by mitigating the risks of brute force attacks.

Mitigating Potential Risks

Unfortunately, by late October, only about two million websites had prioritized updating vulnerable plugins to a safe version, leaving an estimated four million still at risk of being targeted by potential exploits.

Website owners and administrators should prioritize updating to the latest version of the plugin to protect against attacks targeting the vulnerable hashes.

Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
