The National Information Technology Development Agency (NITDA) has issued a critical alert regarding a newly discovered vulnerability, CVE-2024-28000, that threatens more than 5 million websites globally.
The vulnerability affects the LiteSpeed Cache plugin used on WordPress websites, a popular tool for optimizing performance. NITDA has urged website administrators to act swiftly to protect their sites from potential attacks.
This vulnerability stems from a flaw in the plugin’s “role simulation” feature, which could allow attackers to gain full administrative control over websites without authentication. Cybercriminals exploiting this weakness can install malicious plugins, steal sensitive data, or redirect visitors to harmful websites.
The vulnerability is made more accessible due to weak hash functions and an easily exploitable attack vector, including the manipulation of exposed debug logs.
According to NITDA, the impact of this flaw is particularly severe, as it could lead to significant consequences for businesses, including data theft, website defacement, and redirection to malicious sites. The agency warned that attackers could steal sensitive customer information, disrupt services, or expose visitors to phishing scams and malware.
In response, NITDA has advised WordPress website administrators to immediately update their LiteSpeed Cache plugin to the latest version, 6.4.1, to protect against exploitation.
Administrators can check for updates by navigating to the “Plugins” section in their WordPress dashboard. Additionally, NITDA urged webmasters to disable debugging features on live websites to prevent the exposure of sensitive logs.
The agency further emphasized the importance of regular audits of plugin settings and configurations to minimize security risks. Website administrators should frequently check for vulnerabilities and ensure all plugins remain up to date to avoid future attacks. NITDA highlighted that previous versions of the LiteSpeed Cache plugin have had multiple vulnerabilities, underscoring the need for consistent plugin maintenance.
This latest vulnerability is one of several that have affected the LiteSpeed Cache plugin, which has been a target for security breaches in the past. NITDA’s alert serves as a reminder for all website owners to remain vigilant and take proactive steps to secure their digital platforms.