WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw
- by nlqip
Although this attack requires that the crawler has been enabled (it is disabled by default) and used at least once to generate a hash, the researchers further discovered that an unprotected Ajax handler could be called to trigger hash generation. “This means all sites using LiteSpeed Cache — not just those with its crawler feature enabled — are vulnerable,” the report said.
Windows systems not affected
Windows systems are immune to the vulnerability, the report continued, because a function required to generate the hash is not available in Windows, which, it said, “means the hash cannot be generated on Windows-based WordPress instances, making the vulnerability exploitable on other [operating systems] such as Linux environments.”
LiteSpeed “strongly recommends” that users upgrade to version 6.4 or higher of the plugin immediately, and also check their sites’ user lists for any unrecognized accounts with administrator privileges and delete them. If an upgrade isn’t immediately possible, it offered some temporary measures to mitigate the risk in its blog post describing the issue.
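The two checks recommended above (plugin version and unexpected administrator accounts) can be scripted. This is an added example, not code from the article or from LiteSpeed. It assumes the administrator list was exported with WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv`) and that the site owner maintains an allow-list of expected logins; all sample data is constructed.

```python
import csv
import io

FIXED_VERSION = (6, 4)  # the article: upgrade to version 6.4 or higher

def parse_version(text):
    """Turn '6.3.0.1' into (6, 3, 0, 1); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def needs_upgrade(installed):
    """True if the installed plugin version is older than 6.4.
    An unparseable version yields () and is treated as needing attention."""
    return parse_version(installed) < FIXED_VERSION

def unrecognized_admins(users_csv, known_logins):
    """Return administrator rows whose login is not on the allow-list."""
    known = {name.strip().lower() for name in known_logins}
    reader = csv.DictReader(io.StringIO(users_csv))
    return [row for row in reader
            if row["user_login"].strip().lower() not in known]

# Constructed sample data, not taken from any real site.
SAMPLE_ADMINS_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-02 10:15:00
7,editor-lead,lead@example.com,2022-11-20 08:01:44
42,wpsupp0rt,support@example.net,2024-08-20 03:12:09
"""
KNOWN_ADMINS = ["siteowner", "editor-lead"]  # assumed allow-list

if __name__ == "__main__":
    # Constructed value; on a real site: wp plugin get litespeed-cache --field=version
    version = "6.3.0.1"
    if needs_upgrade(version):
        print(f"litespeed-cache {version} is older than 6.4: upgrade")
    for row in unrecognized_admins(SAMPLE_ADMINS_CSV, KNOWN_ADMINS):
        print(f"review admin id={row['ID']} login={row['user_login']} "
              f"registered={row['user_registered']}")
```

An account flagged here is only a candidate for review; confirm with the site's owners before deleting it.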