WordPress Cache Plugin Vulnerability Affects +5 Million Websites


Millions of websites at risk due to a critical vulnerability affecting the LiteSpeed WordPress cache plugin

Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain admin rights and upload malicious files and plugins.

The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a public announcement.

Patchstack founder Oliver Sild discussed this with Search Engine Journal and provided background information about how the vulnerability was discovered and how serious it is.

Sild shared:

“It was reported through the Patchstack WordPress Bug Bounty program, which offers bounties to security researchers who report vulnerabilities. The report qualified for a $14,400 USD bounty. We work directly with both the researcher and the plugin developer to ensure vulnerabilities get patched properly before public disclosure.

We’ve monitored the WordPress ecosystem for possible exploitation attempts since the beginning of August and so far there are no signs of mass-exploitation. But we do expect this to become exploited soon though.”

Asked how serious this vulnerability is, Sild responded:

“It’s a critical vulnerability, made particularly dangerous because of its large install base. Hackers are definitely looking into it as we speak.”

What Caused The Vulnerability?

According to Patchstack, the compromise arose because of a plugin feature that creates a temporary user that crawls the site in order to then create a cache of the web pages. A cache is a copy of web page resources that is stored and delivered to browsers when they request a web page. A cache speeds up web pages by reducing the number of times a server has to fetch from a database to serve web pages.

The technical explanation by Patchstack:

“The vulnerability exploits a user simulation feature in the plugin which is protected by a weak security hash that uses known values.

…Unfortunately, this security hash generation suffers from several problems that make its possible values known.”
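The two Patchstack sentences above describe a general class of defect: a "security hash" whose inputs are all values an outsider can observe or guess has a small, enumerable output space, no matter how strong the hash function itself is. The following is an added illustration written for this article, not the plugin's code and not Patchstack's analysis. The `weak_token` inputs (a site id and a minute-granularity timestamp), the `CrawlerTokenStore` class, and every other name are assumptions chosen for the example; they show the defender's audit (how many distinct values can the scheme ever produce?) beside a hardened design for a short-lived, single-use crawler identity.

```python
"""Hypothetical contrast: a token derived from known values vs. a
hardened, CSPRNG-backed token for a temporary crawler identity.
None of this is LiteSpeed Cache's actual algorithm."""

import hashlib
import hmac
import itertools
import secrets
import time


def weak_token(site_id: int, minute_bucket: int) -> str:
    """Hypothetical weak scheme: hash built only from values an observer
    can know or guess (a small numeric id, a coarse timestamp).
    The hash function is irrelevant; the input space is what is tiny."""
    material = f"{site_id}:{minute_bucket}".encode()
    return hashlib.md5(material).hexdigest()[:6]


def weak_token_space(site_ids: range, minute_buckets: range) -> int:
    """Defender's audit metric: count the distinct tokens the weak scheme
    can produce over the plausible input ranges. A small number here means
    the token is guessable regardless of how it is hashed."""
    produced = {
        weak_token(s, m) for s, m in itertools.product(site_ids, minute_buckets)
    }
    return len(produced)


class CrawlerTokenStore:
    """Hardened issuance (hypothetical design): the temporary crawler user is
    authenticated by a random token that is unpredictable, short-lived,
    stored server-side, compared in constant time, and consumed on first use."""

    def __init__(self, ttl_seconds: int = 300, now=time.time):
        self._now = now          # injectable clock so the logic is testable
        self._ttl = ttl_seconds
        self._tokens: dict[str, float] = {}  # token -> expiry timestamp

    def issue(self) -> str:
        # 32 bytes from the OS CSPRNG: nothing about the site or the clock
        # influences the value, so there is no input space to enumerate.
        token = secrets.token_hex(32)
        self._tokens[token] = self._now() + self._ttl
        return token

    def validate(self, presented: str) -> bool:
        now = self._now()
        for token, expiry in list(self._tokens.items()):
            if expiry <= now:
                del self._tokens[token]   # expired tokens are never accepted
                continue
            # Constant-time comparison so response timing leaks nothing.
            if hmac.compare_digest(presented, token):
                del self._tokens[token]   # single use: burn on success
                return True
        return False


if __name__ == "__main__":
    # Constructed ranges: ten site ids, 100 minute buckets.
    print("weak scheme distinct tokens:", weak_token_space(range(1, 11), range(0, 100)))
    store = CrawlerTokenStore(ttl_seconds=60)
    t = store.issue()
    print("first use accepted:", store.validate(t))
    print("replay accepted:", store.validate(t))
```

The point of `weak_token_space` is that the number it returns is bounded by the product of the input ranges, not by the hash's output width; a reviewer auditing any "security hash" should ask what the inputs are before asking what the digest is. The hardened store removes the question entirely by making the token independent of anything observable, and the expiry plus single-use rule limit the damage if a token does leak.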

Recommendation

Users of the LiteSpeed WordPress plugin are encouraged to update their sites immediately because hackers may be hunting down WordPress sites to exploit. The vulnerability was fixed in version 6.4.1 on August 19th.

Users of the Patchstack WordPress security solution receive instant mitigation of vulnerabilities. Patchstack is available in a free version and the paid version costs as little as $5/month.

Read more about the vulnerability:

Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites

Featured Image by Shutterstock/Asier Romero

SEJ Staff: Roger Montti, Owner at Martinibuster.com

I have 25 years of hands-on experience in SEO, evolving along with the search engines by keeping up with the latest ...