NITDA Warns WordPress Users of Security Vulnerability that affects 5 million sites
The National Information Technology Development Agency (NITDA) has issued a warning about a critical security vulnerability, CVE-2024-28000, which affects over five million websites using the LiteSpeed Cache plugin on WordPress. This vulnerability could allow cybercriminals to gain full control of affected sites, putting both site owners and users at risk.
The flaw stems from the plugin's "role simulation" feature, which attackers can exploit to obtain administrative access without authenticating. Once inside, they could install malicious plugins, steal sensitive data, or redirect visitors to harmful websites. The vulnerability is particularly dangerous because the feature relies on a weak hash function and the attack vector is simple, which makes it easier for attackers to brute-force their way into websites.
Key risks include:
- Data theft: Cybercriminals could steal personal and payment data from users.
- Website defacement: Attackers may alter website content or embed harmful code.
- Phishing and malware: Site visitors could be redirected to malicious websites, increasing the risk of phishing scams and malware infections.
NITDA strongly urges all WordPress administrators using LiteSpeed Cache to update to the latest version (6.4.1) immediately to prevent exploitation. Administrators can check for updates by logging into their WordPress dashboard and updating the plugin under the "Plugins" section.
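For administrators responsible for more than one site, the dashboard check above can be scripted. The following Python script is an added example, not code from NITDA or from the LiteSpeed Cache project: it reads the plugin's header file from a WordPress installation, extracts the `Version:` field, and reports whether the installed release is older than the 6.4.1 fix named in the advisory. It assumes the standard layout `wp-content/plugins/litespeed-cache/litespeed-cache.php`; the `make_sample_install` helper only builds a constructed throwaway tree so the script runs offline.

```python
"""Added example (not part of the NITDA advisory): audit a WordPress install for a
LiteSpeed Cache version older than the fixed release 6.4.1 cited in the warning."""
import re
import tempfile
from pathlib import Path
from typing import Optional

PLUGIN_SLUG = "litespeed-cache"
FIXED_VERSION = "6.4.1"  # patched release named in the advisory
# Assumption: the main plugin file follows the usual <slug>/<slug>.php convention.
PLUGIN_MAIN_FILE = f"{PLUGIN_SLUG}/{PLUGIN_SLUG}.php"

# Matches the 'Version:' line of a WordPress plugin file header (inside a /** ... */ block).
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.MULTILINE)


def parse_plugin_version(header_text: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin file header, or None if absent."""
    m = _VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_tuple(version: str) -> tuple:
    """Turn '6.4.1' into (6, 4, 1); pre-release suffixes such as '-beta' are ignored."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed version."""
    return version_tuple(installed) < version_tuple(fixed)


def audit_wordpress_root(wp_root: Path) -> dict:
    """Check one WordPress installation and return a small report."""
    main_file = wp_root / "wp-content" / "plugins" / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return {"installed": False, "version": None, "vulnerable": False}
    version = parse_plugin_version(main_file.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        # Unreadable header: flag for manual review rather than silently passing.
        return {"installed": True, "version": None, "vulnerable": True}
    return {"installed": True, "version": version, "vulnerable": is_vulnerable(version)}


def make_sample_install(version: str) -> Path:
    """Constructed sample: a throwaway WordPress tree holding only the plugin header."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    main_file = root / "wp-content" / "plugins" / PLUGIN_MAIN_FILE
    main_file.parent.mkdir(parents=True)
    main_file.write_text(
        "<?php\n/**\n * Plugin Name: LiteSpeed Cache\n"
        f" * Version: {version}\n */\n",
        encoding="utf-8",
    )
    return root


if __name__ == "__main__":
    # Replace the sample trees with real document roots (e.g. Path('/var/www/site1')).
    for sample_version in ("6.3.0.1", "6.4.1"):
        print(sample_version, audit_wordpress_root(make_sample_install(sample_version)))
```

Run it against each site's document root; any report with `"vulnerable": True` identifies an installation that still needs the update described above, and a missing or unreadable header is deliberately reported as vulnerable so it gets looked at rather than overlooked.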
This proactive step is crucial to protect websites from potential attacks and safeguard sensitive data and site functionality.