Protecting Against the LiteSpeed Cache WordPress Plugin Compromise

This post discusses the recent compromise of the very popular LiteSpeed Cache plugin, assigned the CVE identifier CVE-2024-28000.

The active LiteSpeed Cache exploit affects over five million websites worldwide, including many hosted at GreenGeeks. GreenGeeks utilizes LiteSpeed Cache across our EcoSite and Reseller network, which includes the use of the WordPress LiteSpeed Cache plugin.

Even if you’re not an expert web developer, it’s important to understand the implications of this compromise and the steps we’ve taken to safeguard your websites.

Understanding the Compromise

The LiteSpeed Cache Plugin is a very popular plugin designed for caching and optimizing a WordPress website. Unfortunately, every software has vulnerabilities, and the LiteSpeed Cache Plugin is no exception.

When something is this popular, the criminal element will do what they can to exploit it. There is no such thing as a completely “fool-proof” system.

This past week, a security flaw, identified as CVE-2024-28000, was discovered within the plugin’s codebase. This plugin is vulnerable to a privilege escalation exploit in all versions up to, and including, 6.3.0.1.

This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the REST API endpoint.

It is critical to note that this vulnerability affects older versions of the affected plugin, and updating to the latest version is crucial for protection. It’s always a good idea to make sure all of your plugins, themes, and WordPress core files are updated.

Our Proactive Approach and Ensuring Your Website’s Safety

Simply put, GreenGeeks takes your website security seriously!

Even though we’re not a fully managed WordPress hosting provider, GreenGeeks takes proactive action in these cases of severe vulnerabilities to protect our clients and the security of our network.

In this case, we’ve already taken corrective action for all of our impacted customers across our EcoSite and Reseller platforms. This involves updating the LiteSpeed Cache plugin to the newly patched version as needed.

While we have updated the LiteSpeed Cache plugin on our network as a courtesy, you must remain proactive in securing your website.

In most cases, the best defense is keeping your software up to date. Simply updating to the latest version available from the official WordPress repository will patch the vulnerabilities and enhance the security of your website.

The best way to keep your site up to date is by using the WordPress automatic update system within wp-admin, bypassing the need for any 3rd party software. You can also easily manage your WordPress installations and automatic updates using Softaculous. This can be done from within your GreenGeeks cPanel account.

Conclusion

At GreenGeeks, we prioritize the security of our clients, and we strive to help you stay informed and secure of potential security threats to ensure your peace of mind.

Although we’ve taken the critical steps to update impacted sites using the LiteSpeed Cache plugin and remove the vulnerability, we encourage you to update all other software installed within your GreenGeeks account. This includes ensuring all passwords have been updated to maintain the overall security of your hosting account.

Remember, staying vigilant about vulnerabilities and keeping your software up to date is crucial for a safe online presence.

If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks Account, please don’t hesitate to contact the GreenGeeks Technical Support Team for assistance.