Another vulnerability was discovered in the LiteSpeed Cache WordPress plugin—an Unauthenticated Privilege Escalation that could lead to a total site takeover. Unfortunately, updating to the latest version of the plugin may not be enough to resolve the issue.
LiteSpeed Cache Plugin
The LiteSpeed Cache Plugin is a website performance optimization tool with over 6 million installations. A cache plugin stores a static copy of the data used to create a web page, so the server doesn’t have to repeatedly fetch the same page elements from the database every time a browser requests a web page.
Storing the page in a "cache" reduces the server load and speeds up the time it takes to deliver a web page to a browser or a crawler. LiteSpeed Cache also performs other page speed optimizations like compressing CSS and JavaScript files (minifying), embedding the most important CSS for rendering a page directly in the HTML code (inlined CSS), and other optimizations that collectively enhance website speed.
Unauthenticated Privilege Escalation
An unauthenticated privilege escalation is a type of vulnerability that allows a hacker to attain site access privileges without having to sign in as a user. This makes it easier to hack a site compared to an authenticated vulnerability, which requires a hacker to first attain a certain privilege level before being able to execute the attack.
Unauthenticated privilege escalation typically occurs because of a flaw in a plugin (or theme), and in this case, it’s due to a data leak. Patchstack, the security company that discovered the vulnerability, writes that the vulnerability can only be exploited under two conditions:
"Active debug log feature on the LiteSpeed Cache plugin.
Has activated the debug log feature once before (not currently active now) and the /wp-content/debug.log file is not purged or removed.”
Discovered By Patchstack
The vulnerability was discovered by researchers at Patchstack, a WordPress security company that offers a free vulnerability warning service and advanced protection. Oliver Sild, Founder of Patchstack, explained how this vulnerability was uncovered and warned that updating the plugin is not sufficient; users still need to manually purge their debug logs.
He shared these specifics about the vulnerability:
"It was found by our internal researcher after we processed the vulnerability from a few weeks ago.
Important thing to keep in mind with this new vulnerability is that even when it gets patched, the users still need to purge their debug logs manually. It’s also a good reminder not to keep debug mode enabled in production.”
Recommended Course of Action
Patchstack recommends that users of LiteSpeed Cache WordPress plugin update to at least version 6.5.0.1.
Read the advisory at Patchstack:
Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin
Featured Image by Shutterstock/Teguh Mujiono