LiteSpeed Cache is a plugin that millions of WordPress website admins use to improve page load times and user experience.
But WPScan flagged a vulnerability (CVE-2023-40000) in older versions of the plugin that hackers can use to gain complete control of a website.
Its CVSS score of 8.3 marks it as a high-severity vulnerability: hackers can act with the privileges of a real admin and take control of the site.
LiteSpeed has patched the vulnerability with version 5.7.0.1, but over 1.8 million users haven’t upgraded the plugin yet.
Vulnerability Details
CVE-2023-40000 was flagged in October 2023 and is a stored cross-site scripting (XSS) vulnerability.
Hackers could leverage it to grant administrator privileges to accounts they control and take over the website.
“The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nameservers’ and ‘_msg’ parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page,” said WPScan in its blog post.
The security research company also shared that the malware injects code into the core WordPress files. It discovered 1,232,810 requests from the IP address 94.102.51.144 and 70,472 from 31.43.191.220.
Both IP addresses were searching the web for existing WordPress sites with old versions of LiteSpeed Cache plugins installed. LiteSpeed Cache has over five million users, and a third of them haven’t upgraded to the patched version of the plugin.
If you notice unusual traffic on your website and find admin users named “wpsupp-user” or “wp-configuser,” your website is already compromised.
You can also search the database for suspicious strings like “eval(atob(Strings.fromCharCode” and watch out for requests from IP addresses such as 45.150.67.235.
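To turn the indicators above into a repeatable check, here is an added Python example (not from WPScan or this article) that runs the usernames, database string and IP addresses quoted here over constructed sample data: a user list, wp_options rows and access-log lines. The record field names and the combined log format are assumptions; on a real site the inputs would come from the WordPress database and the web server logs.

```python
import re
from typing import Dict, List

# Indicators quoted in the article; the sample records further down are constructed.
ROGUE_ADMIN_NAMES = {"wpsupp-user", "wp-configuser"}
SCANNER_IPS = {"94.102.51.144", "31.43.191.220", "45.150.67.235"}
# The article quotes "eval(atob(Strings.fromCharCode"; also accept the real
# JavaScript spelling String.fromCharCode so a typo in the indicator hides nothing.
INJECTION_RE = re.compile(r"eval\(atob\(Strings?\.fromCharCode")
LOG_IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")  # combined log: IP is field 1

def find_rogue_admins(users: List[Dict[str, str]]) -> List[str]:
    """Logins (from wp_users) that match the rogue admin names given in the article."""
    return [u["user_login"] for u in users if u["user_login"] in ROGUE_ADMIN_NAMES]

def find_injected_options(rows: List[Dict[str, str]]) -> List[str]:
    """option_name of wp_options rows whose value carries the eval(atob(...)) loader."""
    return [r["option_name"] for r in rows if INJECTION_RE.search(r.get("option_value", ""))]

def count_scanner_hits(log_lines: List[str]) -> Dict[str, int]:
    """Requests per article-listed scanner IP, counted over access-log lines."""
    hits: Dict[str, int] = {}
    for line in log_lines:
        m = LOG_IP_RE.match(line)
        if m and m.group(1) in SCANNER_IPS:
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return hits

def scan(users, rows, log_lines) -> Dict[str, object]:
    """'compromised' rests only on the on-site indicators: scanner traffic alone
    shows the site was probed, not that an injection succeeded."""
    admins, injected = find_rogue_admins(users), find_injected_options(rows)
    return {"rogue_admins": admins, "injected_options": injected,
            "scanner_hits": count_scanner_hits(log_lines),
            "compromised": bool(admins or injected)}

# Constructed sample input for a hypothetical site.
SAMPLE_USERS = [{"user_login": "alice"}, {"user_login": "wpsupp-user"}]
SAMPLE_OPTIONS = [
    {"option_name": "blogname", "option_value": "Example Blog"},
    {"option_name": "widget_custom_html",  # hypothetical option name
     "option_value": "<script>eval(atob(String.fromCharCode(/*constructed*/)))</script>"}]
SAMPLE_LOG = [
    '94.102.51.144 - - [10/Apr/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Apr/2024:12:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '94.102.51.144 - - [10/Apr/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "curl/8"']
```

Running `scan(SAMPLE_USERS, SAMPLE_OPTIONS, SAMPLE_LOG)` on the constructed data reports the rogue admin, the injected option and two hits from 94.102.51.144.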
What’s the Resolution if Your Site Is Affected?
Restore the site from a backup taken before the compromise to purge the malware. As a precaution, review the plugins installed on your WordPress website.
Ensure that all available and pending plugin updates, including the one for LiteSpeed Cache, are installed manually.