Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin Results in Record Bounty Award
A critical unauthenticated privilege escalation vulnerability in the widely used LiteSpeed Cache Plugin has recently been patched, resulting in the highest bug bounty ever awarded in WordPress history. The vulnerability, known as CVE-2024-28000, was reported by John Blackbourn, a member of the Patchstack Alliance community, who was awarded a whopping $14,400 for his discovery.
The LiteSpeed Cache Plugin is a popular tool among WordPress users, with over 5 million active installations. It is known for enhancing the speed and performance of WordPress websites. However, this critical vulnerability posed a significant risk to these users, as it allowed unauthorized visitors to gain Administrator-level access to a site.
The vulnerability was found in the plugin’s user simulation feature, which utilized a weak security hash using known values. This flaw made it possible for attackers to perform brute force attacks and gain access to a site as any given user ID. Patchstack’s Rafie Muhammad confirmed this, stating that a brute force attack iterating all 1 million known possible values for the security hash could successfully gain access to the site.
Given the severity of the vulnerability, researchers have rated it as “Critical” with a CVSS score of 9.8. They strongly advise users to update to at least version 6.4 of the LiteSpeed Cache Plugin immediately to protect their websites from potential attacks.
The vulnerability does not affect Windows-based WordPress instances but poses a risk to those running on other operating systems, such as Linux. Rafie Muhammad emphasized the importance of ensuring the strength and unpredictability of values used as security hashes or nonces. He stated that the rand() and mt_rand() functions in PHP, which the plugin previously relied on, are not unpredictable enough for security-related features.
This is not the first time the LiteSpeed Cache Plugin has faced security issues. Last year, it patched an XSS vulnerability, further emphasizing the importance of keeping plugins up to date and regularly monitoring for security updates.
In related news, Wordfence, a prominent WordPress security company, recently launched the WordPress Superhero Challenge as part of its Bug Bounty Program. The challenge offers a top bounty prize of $31,200 for reporting critical or high-severity vulnerabilities in plugins or themes with over 5 million active installs. This initiative aims to incentivize researchers to help identify and patch potential security flaws in widely used WordPress tools, ultimately enhancing the overall security of the platform.
As the number of WordPress users continues to grow, it is crucial for both plugin developers and users to prioritize security. Vulnerabilities like the one found in the LiteSpeed Cache Plugin can have severe consequences for website owners, potentially leading to unauthorized access and compromised data. Regularly updating plugins, staying informed about security vulnerabilities, and working closely with security companies like Patchstack and Wordfence are essential steps towards maintaining a secure WordPress environment.
