WordPress Websites Hacked! Hackers Exploit LiteSpeed Cache Bug
A serious concern has popped up with the LiteSpeed Cache plugin for WordPress. Hackers are using it to sneak into websites and become admins without permission.
WPScan reported the attacks. The bug, tracked as CVE-2023-40000, lets attackers create rogue admin accounts named wpsupp-user and wp-configuser.
It’s a stored cross-site scripting (XSS) vulnerability. That means someone without permission could abuse it by sending specially crafted requests to the site.
So, what happens when hackers become admins? They can basically do whatever they want on the website. They could put in bad software, add dangerous plugins, and more. To stay safe, experts say to update the plugin right away, check all your plugins for anything strange, and get rid of anything suspicious.
One way to spot a compromise is to search your website’s files for the indicator string “eval(atob(Strings.fromCharCode,'” as WPScan suggests.
This isn’t the only problem with WordPress lately.
There’s also a sneaky campaign called Mal.Metrica going around. It tricks people into clicking on fake CAPTCHA boxes, which redirect them to malicious websites. These websites try to harvest personal info or get you to download sketchy files.
Who will it impact?
This affects WordPress website owners who have the LiteSpeed Cache plugin installed, which is quite common as it has over 5 million active installations. Even though a fix for the vulnerability has been available since October 2023, many websites are still running older versions of the plugin, making them susceptible to exploitation.
What to expect?
To patch the vulnerability, website owners should update their LiteSpeed Cache plugin to the latest version (6.2.0.1) released on April 25, 2024. Additionally, they should review all installed plugins for any suspicious activity and delete any unfamiliar files or folders.
To identify potential compromises, WPScan suggests checking the database for certain strings, especially in the option ‘litespeed.admin_display.messages’.
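The three checks described above (rogue admin accounts with the reported names, the indicator string in site files, and the LiteSpeed messages option in the database) as a single triage script. This is an added example, not WPScan's tooling; the user rows, option values and file tree it runs on are constructed sample data, and a real run would feed it exports from wp_users, wp_options and the site's document root.

```python
import os
import tempfile

# Indicators taken from the WPScan guidance summarised in the article.
IOC_FILE_STRING = "eval(atob(Strings.fromCharCode"
IOC_OPTION_NAME = "litespeed.admin_display.messages"
SUSPICIOUS_LOGINS = {"wpsupp-user", "wp-configuser"}


def find_rogue_admins(users):
    """users: iterable of (user_login, role) rows, e.g. wp_users joined with
    wp_usermeta capabilities. Returns administrator logins matching the reported names."""
    return sorted(login for login, role in users
                  if role == "administrator" and login in SUSPICIOUS_LOGINS)


def scan_files(root):
    """Walk a site directory and return relative paths of files containing the IoC string."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    if IOC_FILE_STRING in fh.read():
                        hits.append(os.path.relpath(path, root))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)


def check_options(options):
    """options: dict of option_name -> option_value as stored in wp_options.
    Flags the LiteSpeed messages option when it carries injected script or the IoC."""
    value = options.get(IOC_OPTION_NAME, "")
    return ("<script" in value.lower()) or (IOC_FILE_STRING in value)


def demo():
    # Constructed sample data (hypothetical site): one planted file, one rogue admin.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-content", "plugins", "x"))
    with open(os.path.join(root, "wp-content", "plugins", "x", "a.php"), "w") as fh:
        fh.write("<?php " + IOC_FILE_STRING + "(...)); ?>")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php require 'wp-blog-header.php'; ?>")
    users = [("alice", "administrator"), ("wpsupp-user", "administrator"), ("bob", "editor")]
    options = {IOC_OPTION_NAME: "<script>...</script>", "siteurl": "https://example.test"}
    return find_rogue_admins(users), scan_files(root), check_options(options)
```

Any non-empty result from the first two checks, or True from the third, warrants a full review of the site rather than just deleting the flagged item.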
According to The Hacker News, security experts warn everyone to be careful online. Website owners should turn on automatic updates for everything, and regular users should avoid clicking on suspicious links. It’s all about staying safe!