WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw
- by nlqip
Although this attack requires that the crawler has been enabled (it is disabled by default) and used at least once to generate a hash, the researchers further discovered that an unprotected Ajax handler could be called to trigger hash generation. “This means all sites using LiteSpeed Cache — not just those with its crawler feature enabled — are vulnerable,” the report said.
Windows systems not affected
Windows systems are immune to the vulnerability, the report continued, because a function required to generate the hash is not available in Windows, which, it said, “means the hash cannot be generated on Windows-based WordPress instances, making the vulnerability exploitable on other [operating systems] such as Linux environments.”
LiteSpeed “strongly recommends” that users upgrade to version 6.4 or higher of the plugin immediately, and also check their sites’ user lists for any unrecognized accounts with administrator privileges and delete them. If an upgrade isn’t immediately possible, it offered some temporary measures to mitigate the risk in its blog post describing the issue.
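One way to run the two checks LiteSpeed recommends (plugin version 6.4 or higher, no unrecognized administrator accounts) from the shell. This is an added example, not code from the article or from LiteSpeed; it assumes WP-CLI (`wp`) is installed, and the `WP_PATH` and `KNOWN_ADMINS` variables, the function names and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not LiteSpeed's code): version check plus administrator audit.
# Assumes WP-CLI ("wp"); WP_PATH and KNOWN_ADMINS are hypothetical variable names.

FIXED_VERSION="6.4"   # from the advisory: upgrade to 6.4 or higher

# Succeed (exit 0) when version $1 is strictly older than version $2.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Read CSV rows "login,email,registered" (with header) on stdin and print
# every row whose login is not in the space-separated allowlist given as $1.
unknown_admins() {
    awk -F, -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && !($1 in ok) { print }   # NR > 1 skips the CSV header row
    '
}

# $1 = WordPress install path, $2 = allowlist of expected administrator logins.
audit_site() {
    ver=$(wp --path="$1" plugin get litespeed-cache --field=version) || return 2
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: litespeed-cache $ver is older than $FIXED_VERSION"
    fi
    wp --path="$1" user list --role=administrator \
        --fields=user_login,user_email,user_registered --format=csv |
        unknown_admins "$2"
}

# Constructed sample rows (not from a real site), used when WP_PATH is unset.
SAMPLE_ADMINS='user_login,user_email,user_registered
alice,alice@example.com,2021-03-02 10:11:12
wpsupp0rt,x@example.net,2024-08-20 03:14:15'

if [ -n "${WP_PATH:-}" ]; then
    audit_site "$WP_PATH" "${KNOWN_ADMINS:-}"
else
    printf '%s\n' "$SAMPLE_ADMINS" | unknown_admins "alice"
fi
```

Any row printed is an administrator account missing from the allowlist and should be reviewed before deletion; the registration date helps tie it to the exposure window.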