NITDA Issues Security Alert on New Vulnerability Affecting Over Five Million Websites
The National Information Technology Development Agency (NITDA) has issued a critical security alert regarding a newly discovered vulnerability, CVE-2024-28000, that poses a serious threat to over 5 million websites worldwide.
The vulnerability affects the LiteSpeed Cache plugin, a widely used optimization tool for WordPress websites, potentially allowing cybercriminals to take full control of compromised sites.
The flaw arises from the plugin’s “role simulation” feature, which can be exploited to grant unauthorized administrative access without requiring authentication. If successfully exploited, attackers could install malicious plugins, steal sensitive data, or redirect website visitors to harmful sites.
NITDA warned that this vulnerability is particularly dangerous due to the weak hash function and simplicity of the attack vector.
Cybercriminals can exploit the vulnerability through brute-force attacks or by manipulating exposed debug logs to gain administrative privileges.
With millions of websites using the LiteSpeed Cache plugin, the potential impact is significant. NITDA identified several risks, including:
Data theft: Attackers could steal personal or financial information from website users.
Website defacement: Cybercriminals might alter website content or disrupt services by installing malicious code.
Redirection to malicious sites: Visitors could be led to phishing sites or exposed to malware.
The agency emphasized that businesses reliant on WordPress could face severe consequences, including financial losses and reputational damage, if this vulnerability is exploited.
To mitigate the risks, NITDA is urging all WordPress administrators using the LiteSpeed Cache plugin to update to the latest version (6.4.1) immediately.
The agency advised users to log into their WordPress dashboard, check the “Plugins” section, and apply updates as necessary.
Additionally, NITDA recommended disabling the debugging feature on live websites and conducting regular security audits to minimize exposure to vulnerabilities.
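The checks above can be run against a site's files directly. The script below is an added example, not code from NITDA or the LiteSpeed project. It assumes the plugin's default install path and WordPress's default debug log location, and it reads "the debugging feature" as the WP_DEBUG and WP_DEBUG_LOG constants in wp-config.php.

```python
import re
import sys
from pathlib import Path

FIXED = (6, 4, 1)  # version the alert tells administrators to update to
PLUGIN_FILE = "wp-content/plugins/litespeed-cache/litespeed-cache.php"  # assumed default path
DEBUG_LOG = "wp-content/debug.log"  # WordPress's default debug log location

def parse_version(header_text):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t*/#]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_outdated(version, fixed=FIXED):
    """Compare numerically, padding so that (6, 4) is treated as (6, 4, 0)."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def debug_enabled(config_text):
    """True if WP_DEBUG or WP_DEBUG_LOG is defined as true outside full-line comments."""
    code = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)
    code = re.sub(r"^\s*(//|#).*$", "", code, flags=re.M)
    return bool(re.search(
        r"define\(\s*['\"]WP_DEBUG(_LOG)?['\"]\s*,\s*true\s*\)", code, re.I))

def audit(wp_root):
    """Return a list of findings for one WordPress installation directory."""
    root, findings = Path(wp_root), []
    plugin = root / PLUGIN_FILE
    if plugin.is_file():
        version = parse_version(plugin.read_text(errors="replace"))
        if version is None:
            findings.append("litespeed-cache: version header not found")
        elif is_outdated(version):
            found = ".".join(map(str, version))
            findings.append(f"litespeed-cache {found} is older than 6.4.1")
    config = root / "wp-config.php"
    if config.is_file() and debug_enabled(config.read_text(errors="replace")):
        findings.append("wp-config.php enables WP_DEBUG or WP_DEBUG_LOG")
    if (root / DEBUG_LOG).is_file():
        findings.append(f"{DEBUG_LOG} exists under the web root")
    return findings

if __name__ == "__main__":
    for line in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

Run it with the WordPress root directory as the only argument; no output means none of the three conditions was found.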
“Website owners should frequently check for vulnerabilities and ensure their plugins are up to date,” NITDA advised.
This alert underscores the ongoing threat posed by cybersecurity vulnerabilities and highlights the need for proactive measures to protect digital assets.