Hackers Feast on New LiteSpeed Cache Flaw: Millions of WordPress Sites at Risk

Hackers are exploiting a critical vulnerability in LiteSpeed Cache, a WordPress plugin, to escalate privileges and take over websites. CVE-2024-28000 allows attackers to brute-force weak hash checks, creating rogue admin accounts. With only 30% of sites updated, millions remain at risk. Update to version 6.4.1 immediately!

3P
Published: August 23, 2024 5:32 amAdded: August 22, 2024 at 10:46 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like LiteSpeed Cache is the favorite snack for hackers this year. If your website isn’t updated, you might as well roll out the red carpet for cybercriminals!

Key Points:

  • New vulnerability CVE-2024-28000 affects LiteSpeed Cache plugin up to version 6.3.0.1.
  • Allows privilege escalation without authentication via weak hash checks.
  • Over 5 million websites use LiteSpeed Cache, with only 30% currently safe.
  • Wordfence detected over 48,500 attacks in the last 24 hours.
  • Users advised to upgrade to version 6.4.1 or uninstall the plugin.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?