"LiteSpeed Cache WordPress Plugin Bug Lets Hackers Get Admin Access"
The free version of the popular LiteSpeed Cache WordPress plugin has fixed a dangerous privilege escalation flaw in its latest update; the bug could allow unauthenticated site visitors to gain administrator rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites to speed up page delivery and improve the browsing experience.

Security researchers at Patchstack discovered the high-severity flaw, tracked as CVE-2024-50550. It is caused by a weak hash check in the plugin's "role simulation" feature, which lets the crawler simulate different user roles so it can scan the site as users of different privilege levels would see it.

The researchers noted that CVE-2024-50550 is only exploitable when the crawler is configured as follows: run duration and interval set between 2,500 and 4,000 seconds, server load limit set to 0, and role simulation set to administrator. An attacker who successfully exploits the flaw can simulate an administrator role, which means they can upload and install arbitrary plugins or malware, access backend databases, edit web pages, and more.

LiteSpeed Technologies released a fix for CVE-2024-50550 in version 6.5.2 of the plugin, improving the randomness of the hash values and making brute-forcing them practically infeasible.
BleepingComputer reports: "LiteSpeed Cache WordPress Plugin Bug Lets Hackers Get Admin Access"