Older versions of LiteSpeed Cache, a popular plugin for the WordPress content management system, carry a high-severity flaw that attackers have been exploiting with increasing frequency.
The flaw, tracked as CVE-2023-40000, is an unauthenticated stored cross-site scripting (XSS) vulnerability with a CVSS severity score of 8.8.
An attacker who needs no account on the site can plant malicious JavaScript in an option value that the plugin later renders in the WordPress admin dashboard. When an administrator opens the dashboard, the script runs in their browser with their privileges and can create new administrator accounts, effectively handing the attacker full control of the site. Administrator accounts can be used to modify site content, add or remove plugins, or change settings. Visitors may then be redirected to malicious websites, shown malicious advertisements, or have their sensitive data stolen.
Mitigations and fixes
The exploitation activity was reported by WPScan, a cybersecurity project that maintains an enterprise vulnerability database for WordPress. Its researchers observed increased activity from several threat actors scanning the internet for vulnerable WordPress sites. The targets are sites running LiteSpeed Cache versions older than 5.7.0.1, the release that fixed the flaw; the current release, 6.2.0.1, is not affected.
One threat actor alone is said to have sent over one million probing requests in April 2024.
LiteSpeed Cache reportedly has over five million active installations, of which roughly 1.8 million (1,835,000) still run an outdated, vulnerable version.
LiteSpeed Cache is a plugin that promises faster page load times, a better user experience, and better positions on Google search results pages.
Site owners are advised to update the plugin to the latest version as soon as possible. They should also remove any plugins and themes they are not actively using and delete any suspicious files and folders.
Those who suspect they may already have been compromised should search the database for suspicious strings: "Search [the] database for suspicious strings like 'eval(atob(Strings.fromCharCode'," WPScan said. "Specifically in the litespeed.admin_display.messages option."
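The two checks above, the version triage and the search of the litespeed.admin_display.messages option, are small enough to script. The following is an added example written for this page; it is not WPScan's tooling or LiteSpeed's own code. It assumes 5.7.0.1 as the fixed release (as stated above), treats the stored value as plain text rather than parsing PHP serialization, and uses a constructed indicator list and a constructed sample payload; the obfuscation it unwraps is the eval(atob(String.fromCharCode(...))) layering named in WPScan's guidance, and the regex also accepts the misspelling quoted on the page.

```python
import base64
import binascii
import re

# Release that fixed CVE-2023-40000 (per the article); anything older is affected.
FIXED_VERSION = "5.7.0.1"


def _version_tuple(v: str, width: int = 4) -> tuple:
    """'5.7' -> (5, 7, 0, 0) so versions of different length compare correctly."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed LiteSpeed Cache version predates the fixed release."""
    return _version_tuple(installed) < _version_tuple(FIXED_VERSION)


# The obfuscation layer named in the article: eval(atob(String.fromCharCode(...))).
# The comma-separated numbers are the char codes of a base64 string; decoding that
# base64 yields the script that actually runs in the administrator's browser.
# 'Strings?' also accepts the misspelling quoted on the page.
CHARCODE_EVAL = re.compile(
    r"eval\s*\(\s*atob\s*\(\s*Strings?\.fromCharCode\s*\(([\d\s,]+)\)", re.IGNORECASE
)

# Substrings that, once decoded, point at account creation or admin actions.
# Constructed indicator list for this example, not WPScan's published IOCs.
INDICATORS = ("user-new.php", "administrator", "wp-admin", "wp-json/wp/v2/users")


def decode_charcode_payloads(option_value: str) -> list:
    """Return the decoded inner script for every matching eval(atob(...)) layer."""
    decoded = []
    for m in CHARCODE_EVAL.finditer(option_value):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        b64 = "".join(chr(c) for c in codes)
        try:
            decoded.append(base64.b64decode(b64).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            decoded.append("")  # malformed payload: still worth flagging
    return decoded


def scan_option_value(option_value: str) -> dict:
    """Triage one option_value: is it suspicious, what does it decode to, and why."""
    payloads = decode_charcode_payloads(option_value)
    hits = sorted({i for p in payloads for i in INDICATORS if i in p})
    suspicious = bool(payloads) or "<script" in option_value.lower()
    return {"suspicious": suspicious, "decoded": payloads, "indicators": hits}


# --- constructed sample, not real captured data ------------------------------
SAMPLE_SCRIPT = 'fetch("/wp-admin/user-new.php",{credentials:"include"});'


def obfuscate(script: str) -> str:
    """Reproduce the eval(atob(String.fromCharCode(...))) wrapping for the sample."""
    b64 = base64.b64encode(script.encode()).decode()
    codes = ",".join(str(ord(ch)) for ch in b64)
    return "eval(atob(String.fromCharCode(%s)))" % codes


def build_sample_option() -> str:
    """A litespeed.admin_display.messages-style value carrying the injected script."""
    html = "<script>%s</script>" % obfuscate(SAMPLE_SCRIPT)
    # PHP-serialized array shape is illustrative; the scanner treats it as plain text.
    return 'a:1:{i:0;s:%d:"%s";}' % (len(html), html)


if __name__ == "__main__":
    print("5.7.0 vulnerable:", is_vulnerable_version("5.7.0"))
    print(scan_option_value(build_sample_option()))
```

On a live site, feed `scan_option_value` the output of `wp option get litespeed.admin_display.messages` (WP-CLI) or of `SELECT option_value FROM wp_options WHERE option_name = 'litespeed.admin_display.messages';` (adjust the table prefix if the site does not use `wp_`). A clean install returns no decoded payloads and no `<script` in the value; any decoded script is worth reading in full, since the indicator list here is only a starting point.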
Via BleepingComputer