For those running a WordPress site in Nigeria, this critical security alert from the National Information Technology Development Agency (NITDA) is for you! A dangerous new vulnerability, CVE-2024-28000, has been discovered in the LiteSpeed Cache plugin, affecting over 5 million websites globally, including many right here in Nigeria.
The vulnerability stems from the “role simulation” feature of the LiteSpeed Cache plugin, which allows hackers to gain full administrative control of your site — without even needing a password. Once these cyber criminals have access, they can install malicious software, steal sensitive data, or redirect your visitors to fraudulent websites. This kind of attack can have devastating consequences for your online reputation and security NITDA warns.
The exploit is shockingly easy to carry out, thanks to a weak hash function in the plugin. Hackers can brute force their way into your WordPress site or use exposed debug logs to gain administrative rights. Once they’re in, they can wreak havoc by stealing personal data, defacing your site, or worse, compromising your visitors’ safety by sending them to harmful websites.
Read also: Meta unveils celebrity AI voice clones at 2024 Meta Connect: John Cena, Kristen Bell featured
Don’t panic — there’s a solution. NITDA urges all WordPress site owners to update the LiteSpeed Cache plugin immediately to version 6.4.1. Here’s how:
1. Log into your WordPress dashboard.
2. Go to “Plugins” and check for updates.
3. Install the latest version of LiteSpeed Cache (6.5.1) right away.
Additionally, turn off debugging on live sites to prevent hackers from exploiting sensitive data in your logs. Regularly review your plugin settings to ensure your site’s security is always up to date.
While LiteSpeed Cache is popular for speeding up WordPress sites, it has been vulnerable to attacks before, including issues like cross-site scripting and privilege escalation. This latest vulnerability is a reminder that keeping your plugins updated and staying alert to security warnings is crucial to protecting your website.
