A severe vulnerability has been identified in the LiteSpeed Cache plugin for WordPress, potentially allowing unauthorized attackers to gain admin-level access and conduct harmful actions. The flaw, listed as CVE-2024-50550 with a CVSS severity score of 8.1, was recently patched in the plugin’s 6.5.2 version.
This vulnerability, reported by a security researcher, stems from an unauthenticated privilege escalation issue. Exploiting this flaw allows any visitor to the website to assume administrator privileges, making it possible to upload malicious plugins.
LiteSpeed Cache, widely used for optimizing WordPress performance with advanced caching capabilities, is currently active on over six million websites, underscoring the potential impact.
The problem is linked to a function called is_role_simulation, which allowed attackers to brute-force weak security hashes and abuse the plugin's crawler feature to impersonate high-privilege users, including administrators. LiteSpeed's patch addresses the vulnerability by removing role simulation and updating the hash generation process to produce stronger, unpredictable hashes.
The researcher emphasizes the importance of robust security hashes in preventing attacks like these. Insecure random functions in PHP, while suitable for general tasks, lack the unpredictability needed for security-sensitive features, especially when the set of possible random values is small enough to be enumerated by brute force.
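As an added illustration of the researcher's point (constructed example, not LiteSpeed Cache's code; the 6-character token format, function names and alphabet are assumptions), the PHP below contrasts a short token drawn from the non-cryptographic `rand()` with one drawn from `random_bytes()`, estimates the entropy of each, and compares tokens in constant time:

```php
<?php
// Constructed example: NOT the plugin's code. It shows why a short token
// from a non-cryptographic PRNG is a weak "security hash", and what the
// hardened form looks like.

// Weak pattern (assumed, for illustration): a 6-character token from rand().
// rand() is not a cryptographically secure generator, and 36^6 is only
// about 2.2 billion values, a space small enough to enumerate against an
// unauthenticated, unthrottled check.
function weak_token(int $len = 6): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $t = '';
    for ($i = 0; $i < $len; $i++) {
        $t .= $alphabet[rand(0, strlen($alphabet) - 1)];
    }
    return $t;
}

// Hardened form: 32 bytes from the OS CSPRNG (256 bits of entropy),
// hex-encoded so it is safe to carry in a cookie or query string.
// random_int() is the CSPRNG-backed alternative when an integer is needed.
function strong_token(): string {
    return bin2hex(random_bytes(32));
}

// Entropy in bits for a token of $len symbols over an alphabet of $size.
function token_entropy_bits(int $len, int $size): float {
    return $len * log($size, 2);
}

// Verify a presented token without leaking timing information. The expected
// value must be stored server-side (e.g. an option or transient), never
// derived from guessable inputs such as timestamps or user IDs.
function token_matches(string $expected, string $presented): bool {
    return hash_equals($expected, $presented);
}

printf("weak token  : %s (%.1f bits)\n", weak_token(), token_entropy_bits(6, 36));
printf("strong token: %s (%.1f bits)\n", strong_token(), token_entropy_bits(64, 16));
var_dump(token_matches(strong_token(), 'not-the-token'));
```

The entropy figures (about 31 bits versus 256 bits) are the practical difference between a value that can be exhausted by an online attacker and one that cannot; rate limiting the endpoint is a second, independent control.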
This is the third reported vulnerability in LiteSpeed Cache in recent months. The other two, CVE-2024-44000 and CVE-2024-47374, received CVSS scores of 7.5 and 7.2, respectively.
Meanwhile, other plugins, such as Ultimate Membership Pro, have also had recent critical vulnerabilities. Patchstack disclosed flaws that allowed attackers to elevate privileges or execute code, both of which have since been resolved in later versions.
In addition to these security challenges, the current legal dispute between WordPress parent company Automattic and WP Engine has led some developers to withdraw their plugins from the WordPress.org repository.
This situation makes it critical for users to track updates through verified channels, as plugins removed from the repository no longer receive automatic updates. Without these updates, sites may become vulnerable to known exploits, leaving them open to attacks.
To protect against vulnerabilities in WordPress plugins, website administrators should regularly update all plugins, especially popular ones like LiteSpeed Cache, to ensure they have the latest security patches.
Implementing multi-factor authentication, limiting admin access, and using security plugins that offer real-time threat detection can further enhance site security.