Hackers exploit LiteSpeed Plugin bug to attack millions of WordPress sites (CVE-2023-40000)

More than four million WordPress websites run the LiteSpeed Cache plugin, and every one of them still on an old version is exposed to a security vulnerability discovered in it.

Let us look at what the vulnerability is, how it affects WordPress sites around the world, and the steps you can take to secure your site against it.

What is LiteSpeed Cache?

LiteSpeed Cache is a free, open-source WordPress plugin widely used for page caching. Its primary purpose is to cut page load times, which in turn improves visitor experience and search ranking.

Because it is installed on so many sites, a security vulnerability in the plugin poses a significant risk to every website still running an old, unpatched version.

Why is the LiteSpeed Cache plugin vulnerable?

The security vulnerability found in the LiteSpeed Cache plugin, now tracked as CVE-2023-40000, has a CVSS score of 8.3 (high). It exists because the plugin's user input handling code neither sanitized the input it accepted nor escaped it on output. Sanitization restricts what user-supplied data may contain before it is stored; output escaping encodes stored data so that the browser renders it as text instead of interpreting it as HTML or JavaScript. With neither control in place, attacker-supplied markup could be stored by the plugin and later executed in the browser of anyone who views the affected page, which is a stored cross-site scripting (XSS) flaw. The issue was discovered by security researchers at Patchstack.
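The following is an added illustration of the bug class described above, not code from the LiteSpeed Cache plugin or from Patchstack's advisory. It shows a generic WordPress settings handler that stores and echoes a value without sanitization or escaping, next to a hardened version. The option name, field name, action name and function names are hypothetical, and the code assumes it is loaded inside WordPress so that the sanitize_*, esc_* and option functions are available.

```php
<?php
// Added example, not LiteSpeed Cache's code: a generic WordPress settings
// handler showing the bug class behind CVE-2023-40000 (missing input
// sanitization and missing output escaping) next to a hardened version.
// Assumes a WordPress context; option, field and action names are hypothetical.

// --- Vulnerable pattern: raw input stored, raw value echoed -------------
function ls_demo_save_banner_vulnerable() {
    // Whatever the client sent is stored verbatim. Nothing stops
    // "<script>...</script>" or an onerror= attribute from landing in the DB.
    update_option( 'ls_demo_banner', $_POST['ls_demo_banner'] );
}

function ls_demo_render_banner_vulnerable() {
    // The stored payload is written straight into the page: stored XSS for
    // every user, administrators included, who views it.
    echo '<div class="banner">' . get_option( 'ls_demo_banner' ) . '</div>';
}

// --- Hardened pattern ---------------------------------------------------
function ls_demo_save_banner_hardened() {
    // Defense in depth: only a privileged, nonce-carrying request may write.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'ls_demo_save_banner' );

    // Sanitize on input: sanitize_text_field() strips tags, invalid UTF-8,
    // octets and line breaks; wp_unslash() undoes WordPress's magic quoting.
    $banner = sanitize_text_field( wp_unslash( $_POST['ls_demo_banner'] ?? '' ) );
    update_option( 'ls_demo_banner', $banner );
}

function ls_demo_render_banner_hardened() {
    // Escape on output, for the exact context the value lands in.
    // Sanitizing at save time is not enough on its own: data may reach the
    // option through other paths (imports, direct DB writes, older versions).
    $banner = get_option( 'ls_demo_banner', '' );
    echo '<div class="banner" title="' . esc_attr( $banner ) . '">'
        . esc_html( $banner ) . '</div>';
}

// Wire the hardened handler to a form that posts action=ls_demo_save_banner
// to wp-admin/admin-post.php.
add_action( 'admin_post_ls_demo_save_banner', 'ls_demo_save_banner_hardened' );
```

The two controls are independent: sanitization limits what gets stored, escaping makes sure whatever is stored cannot change the structure of the page it is printed into. A plugin that does neither, as the text describes, lets a single crafted request plant markup that runs in every later visitor's browser.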

What are the threats posed by the vulnerability (CVE-2023-40000)? 

Script injected through this flaw runs in the browser of whoever loads the affected page. When that user is a site administrator, the attacker effectively gains control of the website: they can create new admin user accounts, change settings critical to the site's functioning, destroy, steal or alter its content, and redirect users to malicious websites. They can also deliver malicious payloads to visitors and steal their data.

The cross-site scripting (XSS) attack can be mounted with a single HTTP request. Since more than 4 million websites use the plugin, every site that has not applied the fix is exposed to exploitation.

LiteSpeed has fixed this bug with a security update in LiteSpeed Cache 5.7.0.1.

SharkStriker’s actions and recommendations

The following are the recommendations made and actions taken by SharkStriker: 

  • Update the LiteSpeed Cache plugin to version 5.7.0.1 or later
  • If you find any suspicious user accounts, remove and report them immediately
  • SharkStriker has scanned customers' WordPress environments for the vulnerability
  • Our team of threat hunters continuously monitors the environment for all known indicators of compromise (IoC) and indicators of attack (IoA)
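As an added example, not SharkStriker's or LiteSpeed's own tooling, the script below checks the two items a site owner can act on: whether the installed LiteSpeed Cache version is below the fixed release, and which administrator accounts were created recently (a new admin account being the typical outcome of the post-exploitation steps described above). It is meant to be run inside WordPress with WP-CLI (`wp eval-file check-litespeed.php`). It assumes the plugin lives at the standard path litespeed-cache/litespeed-cache.php; the 30-day window and the function names are arbitrary choices made here.

```php
<?php
// Added example, not SharkStriker's or LiteSpeed's tooling. Run inside
// WordPress with WP-CLI:   wp eval-file check-litespeed.php
// Assumes WP-CLI is present and the plugin's main file is at the standard
// path below; the 30-day window is an arbitrary choice.

if ( ! function_exists( 'get_plugins' ) ) {
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
}

const LSC_PLUGIN_FILE   = 'litespeed-cache/litespeed-cache.php'; // assumed path
const LSC_FIXED_VERSION = '5.7.0.1';                              // from the advisory

// 1. Is LiteSpeed Cache installed, and is the version below the fixed one?
function lsc_check_plugin_version() {
    $plugins = get_plugins(); // reads every plugin's header block
    if ( ! isset( $plugins[ LSC_PLUGIN_FILE ] ) ) {
        return array( 'installed' => false, 'version' => null, 'active' => false, 'vulnerable' => false );
    }
    $version = $plugins[ LSC_PLUGIN_FILE ]['Version'];
    return array(
        'installed'  => true,
        'version'    => $version,
        'active'     => is_plugin_active( LSC_PLUGIN_FILE ),
        // version_compare() handles four-part versions such as 5.7.0.1 correctly.
        'vulnerable' => version_compare( $version, LSC_FIXED_VERSION, '<' ),
    );
}

// 2. Administrator accounts registered within the last $days days.
//    user_registered is stored as a UTC datetime string; strtotime() is
//    good enough for a window measured in days.
function lsc_recent_admins( $days = 30 ) {
    $cutoff = time() - $days * DAY_IN_SECONDS;
    $admins = get_users( array( 'role' => 'administrator', 'fields' => 'all' ) );
    $recent = array();
    foreach ( $admins as $u ) {
        if ( strtotime( $u->user_registered ) >= $cutoff ) {
            $recent[] = array(
                'id'         => $u->ID,
                'login'      => $u->user_login,
                'email'      => $u->user_email,
                'registered' => $u->user_registered,
            );
        }
    }
    return $recent;
}

$status = lsc_check_plugin_version();
if ( ! $status['installed'] ) {
    WP_CLI::success( 'LiteSpeed Cache is not installed.' );
} elseif ( $status['vulnerable'] ) {
    $state = $status['active'] ? 'active' : 'inactive';
    WP_CLI::warning( "LiteSpeed Cache {$status['version']} ({$state}) is below " . LSC_FIXED_VERSION . ': update now.' );
} else {
    WP_CLI::success( "LiteSpeed Cache {$status['version']} includes the fix." );
}

$recent = lsc_recent_admins();
if ( empty( $recent ) ) {
    WP_CLI::log( 'No administrator accounts created in the last 30 days.' );
} else {
    WP_CLI::warning( count( $recent ) . ' administrator account(s) created in the last 30 days; verify each one:' );
    WP_CLI\Utils\format_items( 'table', $recent, array( 'id', 'login', 'email', 'registered' ) );
}
```

An inactive but outdated copy of the plugin still warrants updating or removal, which is why the script reports the active/inactive state rather than skipping inactive installs. The admin listing is a starting point for the "suspicious users" recommendation, not a verdict: every account it prints should be recognisable to the site owner, and any that is not should be removed and investigated.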
