Close Menu
  • Tech Insights
  • Laptops
  • Mobiles
  • Gaming
  • Apps
  • Money
  • Latest in Tech
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
TechzLab – Tech News, Gadgets, Mobile & IT UpdatesTechzLab – Tech News, Gadgets, Mobile & IT Updates
  • Tech Insights
  • Laptops
  • Mobiles
  • Gaming
  • Apps
  • Money
  • Latest in Tech
TechzLab – Tech News, Gadgets, Mobile & IT UpdatesTechzLab – Tech News, Gadgets, Mobile & IT Updates
Home » Worrying WordPress plugin security flaw could let hackers hijack your site
Tech Insights

Worrying WordPress plugin security flaw could let hackers hijack your site

adminBy adminNovember 1, 2024No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email

LiteSpeed Cache, an immensely popular WordPress plugin for site performance optimization, suffered from a vulnerability which allowed threat actors to gain admin status.

With such elevated privileges, they would be able to perform all sorts of malicious activities on the compromised websites.

According to researchers from Patchstack, the vulnerability was discovered in the is_role_simulation function, and it is relatively similar to a different vulnerability that was discovered last summer. The function apparently used a weak security hash check that could be broken with brute force, granting the attackers the ability to abuse the crawler feature and simulate a logged-in administrator.

Who is vulnerable?

There are a few factors that need to align before the vulnerability can be abused, though.

That includes having the crawler turned on, with run duration between 2500 and 4000, and the intervals between runs being set to 2500- 4000. Furthermore, Server Load Limit should be set to 9, Role Simulation to 1 (ID of user with admin role), and Turn every row to OFF except Administrator should be activated.

The vulnerability is now tracked as CVE-2024-50550, and has a severity score of 8.1 (high severity). It was already patched, with the version 6.5.2 of the plugin being the earliest clean one. LiteSpeed Cache is one of the most popular plugins of its kind, with more than six million active installations.

There is no talk of any evidence of in-the-wild abuse, so chances are cybercrooks have not picked up on the vulnerability in the past.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However, now that the patch is public, it’s only a matter of time before they start scanning for vulnerable websites. Currently, almost three-quarters (72.1%) of all LiteSpeed Cache websites are running the latest version, 6.5, with 6.7% running 6.4, and a notable 21.2% running “other” versions. Therefore, at least 27.6% of sites could be targeted, which is more than 1.6 million.

More from TechRadar Pro

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

Google Introduces 30 New AI Tools for Educators and Custom Gemini App for Students

July 1, 2025

How Do Pimple Patches Work? Here’s Everything You Need to Know

June 30, 2025

This app got my kids off YouTube and into learning through play

June 29, 2025

Comments are closed.

Latest
  • Reviews Featuring ‘Bakeru’ & ‘Peglin’, Plus Highlights From Nintendo’s Blockbuster Sale – TouchArcade July 1, 2025
  • I went hands-on with the Nothing Phone 3, and it might just be the most interesting phone of the year – here’s why July 1, 2025
  • Indian Railways Launches RailOne App as a Unified Platform for Ticket Booking and Other Services July 1, 2025
  • Apple to Launch a ‘More Affordable’ MacBook With a 13-inch Screen, A18 Pro SoC: Report July 1, 2025
  • I Finally Tried the Nothing Phone 3 and There’s a Lot I Like July 1, 2025
We are social
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo

Subscribe to Updates

Get the latest creative news from Techzlab.

Tags
Ada Ventures ai safety Alphabet Apple Automatic Aydin sykut cybersecurity daniel ek data centers doge Donald Trump Elon Musk evergreens Exclusive foodtech Fundraise fundraising Google In Brief India legal tech lucky matt mullenweg Meta Microsoft Openai Perplexity Pinterest remittance restaurant tech robotics Scales to Sequioa signalfire social media SpaceX Spotify Startups Tesla Trump Administration UK vw WordPress xrobotics Y Combinator
Archives
Quick Link
  • Apps (235)
  • From the Editor (3)
  • Gaming (234)
  • Laptops (235)
  • Latest in Tech (235)
  • Mobiles (236)
  • Money (59)
  • Tech Insights (235)
Don't miss

Google Introduces 30 New AI Tools for Educators and Custom Gemini App for Students

July 1, 2025

How Do Pimple Patches Work? Here’s Everything You Need to Know

June 30, 2025

This app got my kids off YouTube and into learning through play

June 29, 2025
Follow us
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
© 2025 Techzlab.com Designed and Developed by WebExpert.
  • Home
  • From the Editor
  • Money
  • Privacy Policy
  • Contact

Type above and press Enter to search. Press Esc to cancel.