NITDA alerts WordPress users to new security vulnerability

Inuwa Kashifu Abdullahi is the director-general of the NITDA.

The National Information Technology Development Agency (NITDA) has issued a critical security alert concerning a newly discovered vulnerability, CVE-2024-28000, affecting over five million websites globally.

NITDA explained that this vulnerability affects the LiteSpeed Cache plugin for WordPress, a popular tool used to optimise website performance, and that it could allow attackers to gain full control over affected websites.

According to NITDA, the vulnerability arises from a flaw in the plugin’s “role simulation” feature, which can be exploited by cybercriminals to gain administrative access to websites without the need for authentication.

It explained that once an attacker takes control of a site, they could install malicious plugins, steal sensitive data, or redirect visitors to harmful websites.

This attack is made easier due to a combination of a weak hash function and the simplicity of the attack vector. Cyber attackers can exploit this flaw through brute-force guessing or by manipulating exposed debug logs to access administrative privileges. NITDA noted that with over five million websites using the LiteSpeed Cache plugin, the potential impact of this vulnerability is significant.

According to the agency, websites at risk could experience data theft, where attackers may steal user data, including sensitive customer information such as personal details or payment data.

There could also be website defacement, where cybercriminals could alter website content, install malicious code, or disrupt services. The technology development agency also said there could be redirection to malicious sites. It explained that site visitors could be redirected to fraudulent websites, exposing them to phishing scams or malware downloads.

Given the scale of WordPress usage, this vulnerability could have a severe effect on businesses, leading to financial losses and reputational damage.

To mitigate the risk of exploitation, NITDA urges all WordPress website administrators using the LiteSpeed Cache plugin to take immediate action by updating the LiteSpeed Cache Plugin.

“Ensure that the plugin is updated to the latest version (6.4.1). To check for updates, log in to your WordPress dashboard, navigate to the ‘Plugins’ section, and update LiteSpeed Cache if necessary,” NITDA stated.
