LiteSpeed Cache Plugin XSS Vulnerability Impacting 1.8M WordPress Sites

WordPress websites have been targeted in recent attacks, resulting in the injection of malicious JavaScript through vulnerabilities in the LiteSpeed Cache plugin, as stated by Automattic’s security team, WPScan.

With the internet hosting over 1.89 billion websites as of 2024, a significant portion, around 835 million, rely on WordPress as their chosen Content Management System (CMS). This makes WordPress a prime target for cyber criminals looking to exploit weaknesses in the system.

According to WPScan’s blog post, threat actors are taking advantage of a stored cross-site scripting (XSS) vulnerability present in older versions of the LiteSpeed Cache plugin. This vulnerability, tracked as CVE-2023-40000 and rated at a severity level of 8.8, allows unauthenticated users to elevate their privileges through specially crafted HTTP requests. Patchstack disclosed this vulnerability in February 2024, affecting LiteSpeed Cache plugin versions older than 5.7.0.1.

The vulnerability stems from unauthenticated stored XSS within outdated versions of the plugin. Unauthenticated means that attackers do not need login credentials to inject malicious code; stored means the injected code is saved in the website’s database and served to every user who visits the compromised page. Attackers exploiting this vulnerability have been infiltrating WordPress files and databases with malicious JavaScript and creating administrator accounts named ‘wpsupp-user’ or ‘wp-configuser’.

Malicious URLs and IPs associated with these attacks include domains like startservicefounds.com/service/f.php, apistartservicefounds.com, cachecloudswiftcdn.com, and an IP tracked as 45.150.67.235.

LiteSpeed Cache is a widely used plugin, installed on over five million WordPress websites, popular because of its ability to boost Google Search rankings. Although the vulnerability was fixed in version 5.7.0.1 back in October 2023, many users have still not updated to a non-vulnerable version. Despite the availability of the latest version, 6.2.0.1, released on April 25, 2024, approximately 1,835,000 sites continue to run vulnerable releases and remain susceptible to infection.

The ability of threat actors to create admin accounts on WordPress sites poses severe risks: an unauthorized individual gains full control of the site and can carry out further malicious actions such as injecting malware or installing harmful plugins. These attacks come soon after Sucuri uncovered a redirect scam campaign, known as Mal.Metrica, which employs fake CAPTCHA prompts to redirect users to fraudulent websites.

To safeguard WordPress sites from such attacks, users are advised to update their LiteSpeed Cache plugin to the latest version, conduct malware scans using reputable WordPress security tools, and change all login credentials. WPScan recommends searching for suspicious strings in the litespeed.admin_display.messages option or the presence of ‘wpsupp-user’ on compromised websites.
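As an added example (not code from WPScan, Patchstack or the LiteSpeed project), the following Python helper applies the indicators from this article to a site's own data: the installed plugin version, the `litespeed.admin_display.messages` option and the user list. It assumes the two data sets were exported with WP-CLI (`wp option get litespeed.admin_display.messages --format=json` and `wp user list --format=json`) and are passed in as raw JSON strings.

```python
import json
import re

# Indicators named in the article; any sample data used with this is constructed.
FIXED_VERSION = (5, 7, 0, 1)            # first release that closes CVE-2023-40000
ROGUE_ADMINS = {"wpsupp-user", "wp-configuser"}
IOC_HOSTS = {"startservicefounds.com", "apistartservicefounds.com",
             "cachecloudswiftcdn.com", "45.150.67.235"}
SCRIPT_RE = re.compile(r"<script\b|javascript:|\bon(error|load|click)\s*=", re.IGNORECASE)


def version_tuple(v):
    """'5.7' -> (5, 7, 0, 0) so dotted versions compare numerically."""
    parts = tuple(int(p) for p in v.split(".") if p.isdigit())
    return parts + (0,) * (4 - len(parts))

def is_vulnerable_version(v):
    return version_tuple(v) < FIXED_VERSION

def walk_strings(value):
    """Yield every string nested inside the option value (dict/list/str)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from walk_strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from walk_strings(item)

def scan_messages(option_value):
    """Strings in litespeed.admin_display.messages that look injected."""
    return [s for s in walk_strings(option_value)
            if SCRIPT_RE.search(s) or any(h in s for h in IOC_HOSTS)]

def find_rogue_admins(users):
    """users: list of dicts as printed by `wp user list --format=json`."""
    return sorted(u["user_login"] for u in users
                  if u.get("user_login") in ROGUE_ADMINS)

def triage(plugin_version, messages_json, users_json):
    """Run all three checks; inputs are the raw JSON strings from WP-CLI."""
    return {
        "vulnerable_version": is_vulnerable_version(plugin_version),
        "injected_messages": scan_messages(json.loads(messages_json)),
        "rogue_admins": find_rogue_admins(json.loads(users_json)),
    }
```

A non-empty `injected_messages` or `rogue_admins` list means the site should be treated as compromised, not merely outdated, so updating the plugin alone is not sufficient.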
