Nigeria’s Information Technology Development Agency (NITDA) has issued an urgent warning about a critical security vulnerability impacting over five million WordPress sites using the popular LiteSpeed Cache plugin. The flaw allows attackers to take full control of affected websites without any need for authentication.
According to NITDA, the vulnerability stems from a weakness in the plugin’s “role simulation” feature. If exploited, it lets attackers gain administrative privileges, leading to severe consequences, including the installation of malicious plugins, data theft, and the redirection of visitors to dangerous websites.
“The ease of the attack vector, combined with a weak hash function, makes this vulnerability particularly dangerous, as attackers can exploit it by brute-forcing or accessing exposed debug logs,” the agency said in a statement.
NITDA also warned that the vulnerability, identified as CVE-2024-28000, poses significant risks due to the large number of installations of the LiteSpeed Cache plugin. This raises concerns about a potential increase in cyberattacks targeting vulnerable sites.
Credit: Technology Times (Text Excluding Headline)