Severity
High
Analysis Summary
A high-severity vulnerability, CVE-2024-50550, was discovered in the LiteSpeed Cache plugin for WordPress. This vulnerability exposes users to potential privilege escalation attacks. With a CVSS score of 8.1, this flaw could allow unauthenticated attackers to gain administrator-level access, facilitating malicious actions like installing harmful plugins.
The flaw has been addressed in LiteSpeed Cache's latest version, 6.5.2, which eliminates the privilege escalation pathway and strengthens hash generation, removing the vulnerable "role simulation" function identified by researchers.
This vulnerability resides in the is_role_simulation function, whose weak hash check could be brute-forced, enabling attackers to simulate a logged-in administrator session. Specific plugin settings, such as enabling the "Crawler" function with role simulation set to an admin role ID, were necessary for successful exploitation. The patch replaces the flawed hash function with more secure random hash generation, eliminating the fixed limit of 1 million hash possibilities and thus making brute-forcing considerably more difficult.
CVE-2024-50550 is the third vulnerability reported in LiteSpeed Cache within two months, following CVE-2024-44000 (CVSS 7.5) and CVE-2024-47374 (CVSS 7.2). The researchers' findings highlight the importance of robust security practices, particularly in handling nonces and security hashes that rely on randomness. Although PHP's rand() and mt_rand() functions can generate random values for general purposes, they aren't unpredictable enough for secure operations, especially when poorly seeded.
The vulnerability disclosure also coincides with ongoing security challenges in other WordPress plugins, including recent critical issues in Ultimate Membership Pro. These issues (CVE-2024-43240, CVSS 9.4; CVE-2024-43242, CVSS 9.0) underscore the risks of outdated plugins and unpatched vulnerabilities. Researchers have also advised users to monitor for updates, particularly as some plugin developers have moved away from WordPress.org amid disputes, potentially leaving users unaware of security patches.
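The contrast between a seeded mt_rand() token and a CSPRNG token, as an added PHP example (not LiteSpeed Cache code; the function names, token lengths and sample seed are hypothetical):

```php
<?php
// Added illustration, not LiteSpeed Cache code. Names and sample values are hypothetical.

/** Weak pattern: mt_rand() seeded from a small range. Only as many distinct
 *  tokens exist as there are seeds, whatever the token length. */
function weak_token(int $seed, int $length = 6): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $out;
}

/** Hardened pattern: token drawn from the operating system CSPRNG. */
function strong_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

/** Constant-time comparison that also refuses an empty stored value. */
function token_matches(string $stored, string $presented): bool
{
    return $stored !== '' && hash_equals($stored, $presented);
}

/** Upper bound on guessing entropy, in bits, for a keyspace of $n values. */
function keyspace_bits(float $n): float
{
    return log($n, 2);
}

// Same seed, same token: the output is only as unpredictable as the seed.
var_dump(weak_token(424242) === weak_token(424242));

printf("1,000,000 possible seeds:      %.1f bits\n", keyspace_bits(1000000));
printf("6 chars of 62, if truly random: %.1f bits\n", 6 * keyspace_bits(62));
printf("16 bytes from random_bytes():   %d bits\n", 16 * 8);

// Verification accepts only the exact stored token.
$stored = strong_token();
var_dump(token_matches($stored, $stored));
var_dump(token_matches($stored, strong_token()));
var_dump(token_matches('', ''));
```

The first figure is the ceiling for any token derived from a million-value seed: about 20 bits, against 128 bits for the 16-byte CSPRNG token.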
Impact
- Unauthorized Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-50550
Affected Vendors
Remediation
- Immediately update LiteSpeed Cache to version 6.5.2 or later to patch the vulnerability.
- Enhance the security of your WordPress site by implementing two-factor authentication.
- Keep your WordPress core and all installed plugins up to date.
- Conduct regular security audits of your WordPress site.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Maintain daily backups of all computer networks and servers.
- Keep all software, operating systems, and applications updated with the latest security patches.
- Continuously monitor network and system logs for unusual or suspicious activities.
- Review and secure website code to prevent open redirect vulnerabilities.
- Educate all site administrators about security best practices and the potential risks associated with phishing emails, fake security advisories, and malicious plugins.