
A vulnerability in the LiteSpeed Cache plugin creates a risk of administrator access

A vulnerability has been discovered in the LiteSpeed Cache plugin for WordPress, which has more than 6 million active installations, that allows unauthenticated visitors to gain administrator-level access through a security flaw in the plugin's role simulation feature. With administrator access, an attacker can install malicious plugins and take over the site.

The LiteSpeed Cache plugin is widely used for site optimization and supports popular WordPress plugins such as WooCommerce, bbPress and Yoast SEO.

Vulnerability details and exploitation risks

According to the Patchstack team, the vulnerability stems from weak security hash checks and is reproducible only under certain administrator-set configurations, specifically the run duration and server load limit settings of the plugin's Crawler feature.

The vulnerability, tracked as CVE-2024-50550, is concerning because the hashes can be brute-forced with little effort, which bypasses a key security check.
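The following is an added illustration, not code from LiteSpeed Cache or from Patchstack's analysis. It models the class of flaw described above in general terms: a short "security hash" produced by a non-cryptographic PRNG seeded with a low-entropy value, so the number of guesses an attacker needs is bounded by the seed space rather than by the token length. The 36-symbol alphabet, the 6-character length, the 16-bit seed and all function names are assumptions for the demonstration; the hardened generator uses the OS CSPRNG and a constant-time comparison.

```python
"""Weak 'security hash' versus a hardened one.

Added example, not LiteSpeed Cache's code. It models the class of flaw
described above: a short token produced by a non-cryptographic PRNG
seeded with a low-entropy value, so the number of tokens an attacker
must try is bounded by the seed space, not by the token length.
The 36-symbol alphabet, 6-character length and 16-bit seed are assumptions.
"""
import hmac
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (assumption)
TOKEN_LEN = 6                                       # 36**6 ~ 2.2e9 nominal values
SEED_BITS = 16                                      # assumption: seed is a 16-bit value


def weak_token(seed: int) -> str:
    """Token from a Mersenne Twister PRNG seeded with a low-entropy value."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LEN))


def strong_token() -> str:
    """Token from the OS CSPRNG: 128 bits of entropy and no seed to enumerate."""
    return secrets.token_hex(16)


def check_hash(supplied: str, stored: str) -> bool:
    """Constant-time comparison, so timing does not leak how many characters matched."""
    return hmac.compare_digest(supplied, stored)


def reachable_tokens(seed_bits: int = SEED_BITS) -> set:
    """Every token the weak generator can ever emit for the given seed width."""
    return {weak_token(s) for s in range(1 << seed_bits)}


def brute_force(stored: str, seed_bits: int = SEED_BITS):
    """Attacker model: replay every token the weak generator can produce.

    Returns (seed, attempts) on success or (None, attempts) after exhausting
    the seed space. Each attempt corresponds to one request carrying a
    guessed hash value.
    """
    attempts = 0
    for s in range(1 << seed_bits):
        attempts += 1
        if check_hash(weak_token(s), stored):
            return s, attempts
    return None, attempts


if __name__ == "__main__":
    nominal = len(ALPHABET) ** TOKEN_LEN
    reachable = reachable_tokens()
    print(f"nominal token space:       {nominal:,}")
    print(f"tokens actually reachable: {len(reachable):,}")
    victim = weak_token(0xBEEF)  # server seeded with a guessable 16-bit value
    seed, attempts = brute_force(victim)
    print(f"recovered seed {seed:#x} after {attempts:,} guesses")
    print(f"hardened token: {strong_token()}")
```

The point of `reachable_tokens` is the check a reviewer should make on any such value: the nominal space of a 6-character alphanumeric token is about 2.2 billion, but the weak generator can only ever emit at most 65,536 distinct tokens, so an online brute force needs at most that many requests. `strong_token` has no seed to enumerate, and `check_hash` uses `hmac.compare_digest` so a partially correct guess cannot be distinguished by response timing.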

The vulnerability is reproducible only when all of the following conditions are met:

  • The Crawler feature is enabled, with its run duration set between 2500 and 4000 seconds

  • The server load limit is set to 0

  • Role simulation is set to a user with administrator rights


Steps taken to fix the flaw

In response to the vulnerability, the LiteSpeed development team removed the role simulation feature and strengthened hash generation to prevent unauthorized access attempts.

They also confirmed to Patchstack that they plan to further improve security by using stronger random number generators in future updates, to better protect against brute-force attacks.

Patchstack advised LiteSpeed Cache users to upgrade to version 6.5.2 or later to mitigate this issue.

“This vulnerability highlights the critical importance of ensuring the reliability and unpredictability of values used as security hashes or one-time codes,” the company said. “Any functionality involving role simulation or other user simulation must also be protected by appropriate access controls.”

Additionally, administrators should confirm that the installed plugin version is 6.5.2 or later and review the plugin's Crawler settings, in particular the run duration and server load limit, to ensure they are not left in the vulnerable configuration described above.