
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks


Jasper_The_Rasper
Moderator

September 5, 2024 By Bill Toulas

 


Yet another critical-severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.

The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.

Debug feature writes cookies to file

The vulnerability is tied to the plugin's debug logging feature, which logs all HTTP response headers into a file, including the "Set-Cookie" header, when enabled.

 

>>Full Article<<
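
A check a site owner could run over a debug log that may have captured "Set-Cookie" headers, as an added example that is not part of the original article or the plugin's code: it flags each logged cookie, marks WordPress login cookies, and returns a redacted copy of the log. The sample lines are constructed, the log path is whatever the caller passes in, and the `wordpress_logged_in_` / `wordpress_sec_` prefixes are WordPress core's cookie names rather than details from the article.

```python
import re
import sys

# WordPress core's login cookie prefixes (assumption: not stated in the article).
AUTH_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_")

# A Set-Cookie header anywhere in a line: header name, cookie name, cookie value.
SET_COOKIE = re.compile(r"(set-cookie:\s*)([^=;\s]+)=([^;\s]*)", re.IGNORECASE)

# Constructed sample; the plugin's real log layout is not shown on the page.
SAMPLE_LOG = """\
[constructed] GET /wp-admin/ response headers:
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure
Set-Cookie: wordpress_sec_0123abcd=admin%7C1725500000%7CCONSTRUCTEDTOKEN; path=/wp-admin; HttpOnly
set-cookie: wordpress_logged_in_0123abcd=admin%7C1725500000%7CCONSTRUCTEDTOKEN; path=/; HttpOnly
Cache-Control: no-cache
"""


def scan(lines):
    """Return (findings, redacted_lines).

    Each finding is (line_number, cookie_name, is_login_cookie). Cookie values
    are replaced in the redacted copy so the log can be shared during triage.
    """
    findings, redacted = [], []
    for no, line in enumerate(lines, 1):
        def mask(m, no=no):
            name = m.group(2)
            findings.append((no, name, name.lower().startswith(AUTH_PREFIXES)))
            return f"{m.group(1)}{name}=[REDACTED]"
        redacted.append(SET_COOKIE.sub(mask, line))
    return findings, redacted


def login_cookie_lines(findings):
    """Line numbers where a login cookie was written to the log."""
    return sorted({no for no, _, is_login in findings if is_login})


if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    found, _ = scan(text.splitlines())
    for no, name, is_login in found:
        print(f"line {no}: {name} {'LOGIN COOKIE' if is_login else 'cookie'}")
```
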
