MalCare Protects Against Massive LiteSpeed Cache Privilege Escalation Vulnerability
An extremely critical 9.8-level vulnerability affecting over 5 million sites was discovered in the LiteSpeed Cache plugin last week.
Hackers can exploit this vulnerability and create an unauthorized admin account on your site, and therefore gain full control of it.
If your site is protected by MalCare's Atomic Security, you do not need to panic. Atomic Security is designed to protect your site against all types of vulnerabilities, discovered or not. It blocks exploits targeting vulnerabilities, even before patches are applied. This is the MalCare advantage, and over 22,000 sites have been saved from the consequences of this vulnerability.
Even if you are a MalCare user though, we strongly recommend updating the LiteSpeed Cache plugin on your site immediately.
What is the vulnerability?
Plugin information
About the vulnerability
LiteSpeed Cache is an optimization plugin for WordPress websites, designed to improve performance and speed. It uses server-level caching to deliver faster page load times, improve user experience, and reduce server load. In addition to basic caching, it includes features like image optimization, database optimization, and content delivery network (CDN) integration.
The LiteSpeed Cache plugin is vulnerable to privilege escalation due to improper usage of the async_litespeed_handler() and the is_role_simulation() functions in versions before v6.4. This vulnerability is extremely serious and has received a CVSS score of 9.8 (Critical).
The LiteSpeed Cache plugin offers Crawler Simulation Settings in its Crawler settings section, which allows it to crawl and cache pages as specific authenticated users. This setting was implemented insecurely, allowing any unauthenticated user to exploit this feature and spoof their identity.
On some server configurations, this feature may be disabled by default, meaning those sites would remain unaffected. Please check your settings to verify your site's security.
The first flaw was in the async_litespeed_handler() function, which lacked proper capability or nonce checks. This allowed any user to trigger the function, initiating a simulated crawl that generated a $hash value. This $hash value, created using the get_hash() function, was then stored in the options table.
The next issue lies in the is_role_simulation() function, activated via an init hook. This function examined the litespeed_role and litespeed_hash cookies. If the litespeed_hash cookie matched the value stored in the database, the function used the litespeed_role cookie value to set the current user.
This sequence meant that anyone with access to the $hash value could spoof their user ID, including that of an administrator. This could be exploited against select REST API endpoints to create new administrative user accounts, or against public-facing pages that require authentication, like viewing account areas from other plugins.
The $hash value, generated through the Str::rrand() function, had several weaknesses: it was only six characters long, it never expired, and it was limited to 1,000,000 possible values. It was also checked with a loose (non-strict) comparison, making it susceptible to brute force attacks.
Furthermore, if debugging was enabled, an attacker could easily obtain the hash value by triggering an error in the debug log. While other methods to obtain the valid hash might exist, these were the two identified so far.
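To make the fix concrete, here is an added illustration (written for this article, not LiteSpeed Cache's own code) of the weak pattern the post describes next to a hardened version of the same check. The option name, nonce action, token lifetime and function names are assumptions chosen for the example; the WordPress functions called (current_user_can, check_ajax_referer, update_option, get_option) are real.

```php
<?php
// Hypothetical illustration of the weaknesses described above (NOT the plugin's code).

// --- Weak pattern: short numeric token, no expiry, loose comparison ---
function weak_generate_token(): string {
    return (string) mt_rand(0, 999999);      // only ~1,000,000 possible values
}
function weak_token_matches(string $cookie_hash, string $stored_hash): bool {
    // Loose "==" compares numeric-looking strings numerically ("1e5" == "100000"),
    // and is not constant-time; nothing here checks who may call this.
    return $cookie_hash == $stored_hash;
}

// --- Hardened pattern: privileged caller only, CSPRNG token, expiry, strict compare ---
const SIM_TOKEN_TTL    = 300;                 // seconds a token stays valid (assumed)
const SIM_OPTION_NAME  = 'example_sim_token'; // placeholder option name (assumed)
const SIM_NONCE_ACTION = 'example_start_sim'; // placeholder nonce action (assumed)

function hardened_start_simulation(int $target_user_id): ?string {
    // Only an administrator, on a nonce-verified request, may mint a token.
    if (!current_user_can('manage_options')) { return null; }
    if (!check_ajax_referer(SIM_NONCE_ACTION, 'nonce', false)) { return null; }

    $token = bin2hex(random_bytes(32));       // 256-bit token from a CSPRNG
    // The user to simulate is fixed server-side at mint time, so a cookie
    // cannot later choose an arbitrary (e.g. administrator) account.
    update_option(SIM_OPTION_NAME, [
        'token'   => $token,
        'user_id' => $target_user_id,
        'expires' => time() + SIM_TOKEN_TTL,
    ], false);
    return $token;
}

// Returns the user ID to simulate, or null if the cookie token is missing,
// expired or wrong. The role/user is never taken from the cookie.
function hardened_resolve_simulation(?string $cookie_token): ?int {
    $record = get_option(SIM_OPTION_NAME);
    if ($cookie_token === null || !is_array($record)) { return null; }
    if (time() > (int) $record['expires']) {
        delete_option(SIM_OPTION_NAME);       // expired tokens are single-use waste
        return null;
    }
    if (!hash_equals((string) $record['token'], $cookie_token)) { return null; }
    return (int) $record['user_id'];
}
```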
This vulnerability has now been fixed with the release of LiteSpeed Cache v6.4 on August 13, 2024.
Who discovered this vulnerability?
The LiteSpeed Cache privilege escalation vulnerability was discovered by Patchstack security researcher John Blackbourn on August 1, 2024. Consequently, LiteSpeed Technologies, the plugin developers, released a patch on August 13, 2024.
How is your WordPress site at risk?
Your WordPress site is at risk if it runs the LiteSpeed Cache plugin v6.3.0.1 or earlier.
Think of installing the latest security system in your car but leaving the garage door wide open. That's how the vulnerability in the LiteSpeed Cache plugin plays out. It's like unintentionally setting up an easy pathway for trouble to enter.
In practical terms, an ordinary user could elevate their access to an administrator level without your approval, effectively taking full control over your website. This isn’t just about unauthorized access; it jeopardizes the entire security framework of your site. The potential damage is colossal, similar to giving a stranger full control over your vehicle. With administrator privileges, they can:
We strongly recommend that you update the LiteSpeed Cache plugin on your WordPress site immediately, at least to v6.4, regardless of whether you are a MalCare user or not! Doing so will safeguard your site, protect your reputation, and maintain your visitors' trust.
How to clean your site?
If your WordPress site is compromised, follow these practical steps to recover and strengthen your site's security:
- Run a MalCare scan: Use MalCare to quickly eliminate malware and fortify your site against future attacks with its Atomic Security feature.
- Update plugins and themes: Regularly check and update all your plugins and themes, especially the User Registration plugin. Older versions might contain vulnerabilities that hackers exploit. MalCare's dashboard alerts you about outdated plugins and themes, simplifying maintenance and enhancing security.
- Review user roles and permissions: Assess the roles and permissions assigned to all users. Immediately revoke access if anything seems suspicious.
- Refresh WordPress salts and security keys: This will force all users to log out and terminate active sessions, thereby boosting your site's security. MalCare includes this step in its cleanup routine for added convenience.
- Change login credentials: Promptly update your admin password, ensure all user sessions are terminated, advise users to change their passwords, and encourage the use of strong, new passwords.
- Enhance login security: Implement two-factor authentication (2FA) and limit login attempts to reduce the risk of unauthorized access.
- Continuously monitor your site: MalCare handles this by continuously monitoring your site for any unusual activities, providing alerts for potential threats, and persistently scanning for malware.
How does MalCare protect your site?
MalCare continuously monitors all actions that create or modify a user account on your WordPress site. So if a hacker tries to exploit the LiteSpeed Cache vulnerability to upgrade an account to an administrator role, for example, MalCare will automatically block this action.
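For site owners who want a minimal version of this kind of monitoring themselves, here is an added example (not MalCare's code) that hooks WordPress's own user_register and set_user_role actions and records every grant of the administrator role, including whether it arrived via the REST API and whether any logged-in actor was present. The log destination is PHP's error_log; the function names are chosen for this example.

```php
<?php
// Added example: record every new account and every administrator role grant.
// Uses only core WordPress hooks; not part of the article's product.

function example_request_context(): string {
    $via_rest = (defined('REST_REQUEST') && REST_REQUEST) ? 'rest' : 'web';
    $actor    = get_current_user_id();   // 0 means no authenticated actor
    $ip       = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    return sprintf('via=%s actor=%d ip=%s uri=%s',
        $via_rest, $actor, $ip, $_SERVER['REQUEST_URI'] ?? '-');
}

// Fires after a user account is created (e.g. via wp_insert_user or the REST API).
add_action('user_register', function (int $user_id): void {
    $user = get_userdata($user_id);
    error_log(sprintf('[user-audit] new account id=%d login=%s roles=%s %s',
        $user_id, $user ? $user->user_login : '?',
        $user ? implode(',', $user->roles) : '?',
        example_request_context()));
});

// Fires whenever a user's role is changed; flag grants of administrator.
add_action('set_user_role', function (int $user_id, string $role, array $old_roles): void {
    if ($role !== 'administrator') { return; }
    error_log(sprintf('[user-audit] ADMIN GRANT id=%d old=%s %s',
        $user_id, implode(',', $old_roles) ?: 'none', example_request_context()));
}, 10, 3);
```

An "ADMIN GRANT" line whose actor is 0 or whose actor is not itself an administrator is the pattern a reviewer would want to investigate first.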
Additionally, MalCare offers comprehensive security for your WordPress site with a range of crucial features:
MalCare envelopes your WordPress site in a protective shield, combining proactive measures with robust defenses to maintain your site’s security and integrity.