CVE-2024-3246: LiteSpeed Cache Plugin Vulnerability Puts Millions of WordPress Sites at Risk


A vulnerability was discovered in LiteSpeed Cache (LS Cache), a widely used WordPress plugin installed on over five million sites. The vulnerability, tracked as CVE-2024-3246, allows attackers to inject malicious code into websites, potentially compromising sensitive data and granting them control over the affected site.

The LiteSpeed Cache plugin is vulnerable to CSRF due to missing or incorrect nonce validation. This flaw allows unauthenticated attackers to exploit the plugin by tricking a site administrator into performing actions, such as clicking on a malicious link. Once the forged request is executed, attackers can update the token setting and inject malicious JavaScript, leading to stored XSS.

In an attack leveraging CVE-2024-3246, hackers can deceive site administrators into clicking on a crafted link. This action can trigger the CSRF vulnerability, allowing the attacker to alter the plugin’s settings and embed harmful JavaScript code. The malicious script can then be executed whenever an administrator accesses the affected settings page, compromising the website and potentially its visitors.
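To show how a missing nonce check turns a settings form into a CSRF-to-stored-XSS chain, here is an added illustration (not LiteSpeed Cache's code) of a hypothetical plugin option `demo_token` saved through `admin-post.php`, with the weak handler beside the hardened one. The option name, action name and page slug are assumptions made up for the example.

```php
<?php
// Added illustration, not LiteSpeed Cache's code: a hypothetical plugin option
// "demo_token" saved from an admin settings form via admin-post.php.

// WEAK PATTERN: no nonce check, no capability check, raw input stored and
// echoed unescaped elsewhere. A forged POST sent from a logged-in admin's
// browser updates the option, and the stored value later renders as script
// on the settings page (CSRF -> stored XSS).
function demo_save_token_weak() {
    update_option( 'demo_token', $_POST['demo_token'] );
    wp_safe_redirect( admin_url( 'admin.php?page=demo' ) );
    exit;
}

// HARDENED PATTERN: verify the nonce bound to this action, require the
// capability, sanitize before storing, escape when rendering.
function demo_save_token_hardened() {
    // check_admin_referer() stops the request when the nonce is missing or invalid
    check_admin_referer( 'demo_save_token', 'demo_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $token = isset( $_POST['demo_token'] ) ? wp_unslash( $_POST['demo_token'] ) : '';
    update_option( 'demo_token', sanitize_text_field( $token ) );
    wp_safe_redirect( admin_url( 'admin.php?page=demo' ) );
    exit;
}
add_action( 'admin_post_demo_save_token', 'demo_save_token_hardened' );

// Settings form: the nonce field ties the request to this action and the
// current user's session, so a cross-site forged request cannot supply it.
function demo_render_settings_page() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_token">
        <?php wp_nonce_field( 'demo_save_token', 'demo_nonce' ); ?>
        <label>Token
            <!-- esc_attr() keeps a stored value from breaking out of the attribute -->
            <input type="text" name="demo_token"
                   value="<?php echo esc_attr( get_option( 'demo_token', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

Both the nonce check and the capability check are needed: the nonce defeats forged requests, and the capability check stops lower-privileged logged-in users from reaching the handler directly.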

Any website using the LiteSpeed Cache plugin version 6.2.0.1 or earlier is at risk. Considering the plugin’s widespread adoption, millions of WordPress sites are potentially vulnerable to these attacks.

Website owners are strongly urged to take immediate action to protect their sites:

  1. Update Immediately: Update the LiteSpeed Cache plugin to the latest version (6.3 or later), which contains a fix for this vulnerability.
  2. Check for Compromise: Review your site’s user accounts for any unauthorized administrators or suspicious activity.
  3. Strengthen Security: Implement additional security measures, such as a web application firewall (WAF), to further protect your website from potential attacks.

In April, security researchers observed a surge in attacks targeting outdated versions of the LiteSpeed Cache plugin. Threat actors have been actively scanning for WordPress sites using versions older than 5.7.0.1, which are also vulnerable to a high-severity unauthenticated XSS flaw tracked as CVE-2023-40000, with a CVSS score of 8.8. These attackers have been able to create administrator accounts and seize control of compromised websites.
