Millions of WordPress Sites at Risk Due to Critical Plugin Vulnerability

Published: 2025-09-18
Source: https://qld.cybersafebusiness.au/index.php/2025/09/18/millions-of-wordpress-sites-at-risk-due-to-critical-plugin-vulnerability/

Are you running a WordPress site with the Litespeed Cache plugin? You could be vulnerable to a serious security risk. Millions of websites may be at risk of takeover due to a critical vulnerability found in this popular plugin.

Litespeed Cache is a widely used plugin designed to improve website performance by caching content. With over 5 million active installations, it's a go-to tool for many WordPress users. However, a recent discovery by security researcher John Blackbourn revealed a critical flaw that could allow attackers to gain administrator access to WordPress sites without needing to log in.

The vulnerability, tracked as CVE-2024-28000, is a privilege escalation flaw. This means that an attacker can elevate their access level, giving them administrator privileges, which could allow them to take complete control of a targeted site. The discovery was responsibly reported through the bug bounty program run by WordPress security firm Patchstack, earning Blackbourn a reward of $14,400 for identifying the issue.

Upon being notified of the vulnerability on August 5, the developers of Litespeed Cache quickly acted and released a patched version (6.4) on August 13. However, while the patch is available, not all users have updated their plugins. Data from WordPress.org shows that around 3 million users have downloaded the update since its release, leaving approximately 2 million websites still exposed to potential attacks.

What makes this vulnerability particularly concerning is how it operates. The flaw exploits a feature in the plugin that simulates user actions, which is protected by a weak security hash. This hash uses known values, making it easier for attackers to crack. If an attacker can obtain this hash, they can create a new user account with administrator privileges. This would enable them to deploy malware or make other malicious changes to the site.

The situation is further complicated by the fact that the security hash only has 1 million possible values, making it susceptible to brute-force attacks. Patchstack estimates that such an attack could take anywhere from a few hours to a week to succeed. Additionally, if the site has debugging mode enabled, the hash might be leaked in logs, providing another potential attack vector.

While this vulnerability may not be easy to exploit on a large scale, Patchstack CEO Oliver Sild warns that it could be used in targeted attacks. For hackers looking to take over a specific website, this flaw provides a relatively straightforward method to gain full access. Defiant, another WordPress security firm, has echoed these concerns, stating that they expect the vulnerability to be actively exploited soon.

If you're using the Litespeed Cache plugin, it's crucial to update to the latest version immediately. Keeping your plugins up to date is a critical step in securing your website and protecting it from potential threats.