A study of the security has reported a cenueshmëri serious LiteSpeed Cache, an extension of the well known WordPress with more than 5 million installations. It can also be used to gain the privileges of a senior manager and carry out any tasks on the site. The developer released the patch-in on 13 aug.
To install the latest version of the immediately
LiteSpeed Cache is a indian's most popular and memorizimit to WordPress. This allows you to accelerate gently the appearance of a page through a cache and the level of the server, and the optimizimeve of the many. It is also compatible with the other plugins to be known as WooCommerce, bbPress, and Yoast SEO.
The weakness of the fixed CVE-2024-28000 was discovered by the practical, John Blackbourn, and is reported to be in the Patchstack on the 1st of August. For this discovery he received an award from the 14,400 dollars. The Bug is present in versions of up to 6.3.0.1.
LiteSpeed Cache it you can scan your site for the conservation of the site, while the simulated user to be authenticated. The function uses the protection of the hash, but it is used in a large number of random between 0 and 999,999. By an attack with a brute force that it is possible to find a number to access your site as an administrator (which often has a user ID of 1).
These privileges have been raised, it is possible to install the plugins to be infected, and to change your settings, to redirect the visitors on the websites of foreign affairs, the spread of the malware, and steal user data. The Patch was released on August 13, with version 6.4. Therefore, you need to install the latest version of LiteSpeed Cache it.
According to official statistics, there are currently only 30.4% of the websites are up-to-date, so that almost 70% of it is still vulnerable. Maybe the owners are on vacation.
Discussion about this post