Critical Security Flaw Discovered in LiteSpeed Cache Plugin for WordPress: Immediate Patch Required

Cybersecurity researchers have uncovered a critical vulnerability in the popular LiteSpeed Cache plugin for WordPress, potentially allowing unauthenticated attackers to take control of user accounts, including administrator-level access. Tracked as CVE-2024-44000 with a CVSS score of 7.5, this vulnerability affects LiteSpeed Cache versions up to 6.4.1 and has been patched in version 6.5.0.1.

Unauthenticated Account Takeover via Debug Log Exposure

The vulnerability, identified by Patchstack researcher Rafie Muhammad, allows unauthorized visitors to exploit the LiteSpeed Cache plugin’s debug log feature. When enabled, the “/wp-content/debug.log” file is publicly accessible, potentially exposing sensitive information, including user cookie data. This vulnerability could allow attackers to hijack valid user sessions and even gain administrative access, enabling the upload and installation of malicious plugins.

A Persistent Threat in WordPress Ecosystem

LiteSpeed Cache is widely used, with over 5 million active installations, making this vulnerability a significant concern for website owners. The newly discovered flaw follows another critical issue found in the same plugin earlier this year—CVE-2024-28000, a privilege escalation vulnerability with a CVSS score of 9.8.

Debug Log Exposure: A Critical Risk

The exposure of the debug log file is the root of this security flaw. Although the debug feature is disabled by default in WordPress, websites that previously enabled it may still have the vulnerable debug log file stored on their server. Attackers could use this file to steal user cookies and log in to active sessions.

Mitigation and Patch Details

The latest patch, version 6.5.0.1, addresses the flaw by relocating the debug log file to a dedicated folder within the LiteSpeed Cache plugin’s directory (“wp-content/litespeed/debug/”), randomizing file names, and removing cookie data from the log.

In addition to updating the plugin, users are advised to:

1. Check for the existence of the “/wp-content/debug.log” file and remove it if it’s found.
2. Ensure debugging is disabled if not needed.
3. Set .htaccess rules to block direct access to log files.
4. Regularly audit WordPress installations for security vulnerabilities and apply updates promptly.

Importance of Secure Debugging Practices

This vulnerability underscores the need for secure debugging processes in WordPress development. The handling of sensitive data in debug logs must be carefully managed to prevent accidental exposure.

In conclusion, administrators using LiteSpeed Cache should apply the latest patch immediately and review their site’s debugging settings to prevent exploitation of this vulnerability. Proper maintenance and security practices, such as disabling unnecessary debugging features and protecting log files, are crucial for maintaining a secure WordPress environment.