CVE-2024-44000: The LiteSpeed Cache Flaw That Could Compromise Your Site
A critical vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, potentially allowing attackers to hijack user accounts. The vulnerability, designated CVE-2024-44000 with a CVSS score of 7.5, affects versions up to and including 6.4.1.
In his report, Patchstack researcher Rafi Muhammad noted that the vulnerability enables any unauthorized user to gain access to the account of any authorized user, including administrators. This could lead to the installation of malicious plugins on the site and further compromises.
The vulnerability stems from an exposed debug log file, “/wp-content/debug.log”, which contains sensitive information such as cookies and active user sessions. This allows attackers to access user accounts without authentication.
The vulnerability does not pose a widespread threat, as exploitation requires the site’s debugging feature to be activated, which is disabled by default. However, sites where this feature was previously enabled and the log file was not deleted remain at risk.
The LiteSpeed Cache 6.5.0.1 update relocates the log file to a new directory, generates a random filename, and excludes cookie data from the log. Users are advised to check for the presence of the “/wp-content/debug.log” file and remove it if debugging was ever enabled.
Additionally, experts recommend adding a rule in the “.htaccess” file to restrict access to log files. This mitigates the risk of attackers attempting to guess the new file name through brute force. The discovery of CVE-2024-44000 underscores the importance of proper debugging configuration and log management to minimize the risk of data breaches.
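The check, cleanup and access rule from the two paragraphs above, as an added shell example that is not code from Patchstack or the LiteSpeed Cache project. It assumes an Apache 2.4 style “.htaccess” placed in “wp-content/”; the function names, return codes and the exact `FilesMatch` rule are this example's own choices.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for a leftover debug log and lock down *.log.
# Return codes of audit_debug_log (chosen for this example):
#   0 = no wp-content/debug.log
#   1 = debug.log present, no WordPress auth cookie found in it
#   2 = debug.log present and contains WordPress auth cookie data
audit_debug_log() {
    wp_root=$1
    log="$wp_root/wp-content/debug.log"
    [ -f "$log" ] || return 0
    # WordPress auth cookies are named wordpress_logged_in_<hash> and wordpress_sec_<hash>.
    if grep -Eq 'wordpress_(logged_in|sec)_[0-9a-f]+' "$log"; then
        return 2
    fi
    return 1
}

# Returns 0 when wp-content/.htaccess already carries the deny rule written below.
log_access_denied() {
    grep -qF '<FilesMatch "\.log$">' "$1/wp-content/.htaccess" 2>/dev/null
}

# Removes the old log and appends the deny rule once (safe to run repeatedly).
harden_logs() {
    wp_root=$1
    rm -f "$wp_root/wp-content/debug.log"
    log_access_denied "$wp_root" && return 0
    # Assumption: Apache 2.4 access-control syntax; adjust for other servers.
    cat >> "$wp_root/wp-content/.htaccess" <<'EOF'
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>
EOF
}
```

Run `audit_debug_log /path/to/site` before `harden_logs`: a return code of 2 means session cookies were written to a web-readable file, so those sessions should be treated as exposed even after the log is deleted.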
Notably, this is not the first vulnerability identified in the LiteSpeed Cache plugin in the past month. Previously, CVE-2024-28000 was reported, allowing an unauthorized attacker to gain administrator-level access, potentially affecting 5 million websites.