WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw
- by nlqip
Although this attack requires that the crawler has been enabled (it is disabled by default) and used at least once to generate a hash, the researchers further discovered that an unprotected Ajax handler could be called to trigger hash generation. “This means all sites using LiteSpeed Cache — not just those with its crawler feature enabled — are vulnerable,” the report said.
Windows systems not affected
Windows systems are immune to the vulnerability, the report continued, because a function required to generate the hash is not available in Windows, which, it said, “means the hash cannot be generated on Windows-based WordPress instances, making the vulnerability exploitable on other [operating systems] such as Linux environments.”
LiteSpeed “strongly recommends” that users upgrade to version 6.4 or higher of the plugin immediately, and also check their sites’ user lists for any unrecognized accounts with administrator privileges and delete them. If an upgrade isn’t immediately possible, it offered some temporary measures to mitigate the risk in its blog post describing the issue.
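One way to script the two checks recommended above (plugin at version 6.4 or higher, no unrecognized administrator accounts), as an added example that is not from the article or from LiteSpeed. It assumes the inputs come from WP-CLI (`wp plugin get litespeed-cache --field=version` and `wp user list --role=administrator --format=json`); the function names, the allowlist and the sample data are constructed for illustration.

```python
import json
import re

FIXED_VERSION = (6, 4)  # from the article: upgrade to version 6.4 or higher

# Constructed sample of `wp user list --role=administrator --format=json`
SAMPLE_ADMINS = """[
 {"ID": 1, "user_login": "siteadmin", "user_registered": "2021-03-02 10:15:00"},
 {"ID": 57, "user_login": "wpsupport_x", "user_registered": "2024-08-20 03:12:44"}
]"""

def parse_version(text):
    """'6.3.0.1' -> (6, 3, 0, 1); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_patched(version_text):
    """True when the installed plugin version is 6.4 or higher."""
    return parse_version(version_text) >= FIXED_VERSION

def unexpected_admins(users_json, known_logins):
    """Return (login, registered) for administrators not on the allowlist."""
    known = {name.lower() for name in known_logins}
    return sorted(
        (u["user_login"], u["user_registered"])
        for u in json.loads(users_json)
        if u["user_login"].lower() not in known
    )

def audit(version_text, users_json, known_logins):
    """Combine both checks into one result per site."""
    return {"patched": is_patched(version_text),
            "review": unexpected_admins(users_json, known_logins)}

if __name__ == "__main__":
    # Hypothetical allowlist: the administrators this site is expected to have.
    print(audit("6.3.0.1", SAMPLE_ADMINS, {"siteadmin"}))
```

Accounts listed under `review` are only candidates: confirm each with the site owner before deleting it.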