A significant security flaw has been uncovered in the LiteSpeed Cache plugin, used by over 6 million WordPress sites, which could allow unauthorized visitors to gain administrator-level access. The vulnerability stems from a weakness in the plugin's role simulation feature, making it possible for attackers to bypass security and install harmful plugins.
The LiteSpeed Cache plugin, popular for site performance enhancements, is compatible with widely-used WordPress plugins like WooCommerce, bbPress, and Yoast SEO.
According to cybersecurity firm Patchstack, this vulnerability results from weak hash checks, which can be exploited under certain administrator-defined configurations. The issue is particularly pronounced when high run durations and minimal load limits are applied within the plugin's Crawler feature.
Listed as CVE-2024-50550, the vulnerability is concerning due to its susceptibility to brute-force attacks, enabling attackers to bypass essential security mechanisms.
Specific configurations that make this vulnerability more likely include:
- Enabling the Crawler feature with run durations between 2500-4000 seconds
- Setting the server load limit to 0
- Activating role simulation for administrator-level users
- Recommended Actions to Mitigate the Risk
- In response, LiteSpeed has removed the role simulation feature and enhanced hash generation processes. The company has also shared plans with Patchstack to introduce more sophisticated random value generation in future updates to further safeguard against brute-force exploits.
Patchstack recommends that all LiteSpeed Cache users update to version 6.5.2 or later to mitigate these risks.
"This vulnerability underscores the importance of strong, unpredictable values for security hashes or nonces," Patchstack noted, adding that features like role simulation should always include robust access controls.
Additionally, administrators are advised to review plugin settings, optimizing configurations like Crawler run duration and load limits to strengthen security.