NITDA urges users of LiteSpeed Cache plugin for WordPress to update
Business
THE National Information Technology Development Agency (NITDA) has called on users of LiteSpeed Cache plugin for WordPress, to update to the latest version, (6.4.1), to prevent their websites from being attacked.
Mrs Hadiza Umar, Director, Corporate Affairs and External Relations of the agency, said this in a statement in Abuja on Monday.
LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection of optimisation features.
Umar said that a critical security vulnerability (CVE-2024-28000) had been discovered in the LSCWP, affecting over five million websites.
“This vulnerability allows attackers to take complete control of a website without requiring any authentication.
“The vulnerability is due to a flaw in the plugin’s role simulation feature and if exploited, an attacker can manipulate this flaw to gain administrative access to the website.
“This could lead to the installation of malicious plugins, theft of data, or even redirection of site visitors to harmful websites.
“Website administrators using the LiteSpeed Cache plugin are strongly advised to update to the latest version (6.4.1) immediately,” she said.
She noted that the simplicity of the attack vector, combined with a weak hash function, made it easy for attackers to exploit this vulnerability by guessing via brute-forcing or exploiting exposed debug logs.
According to her, to check for updates, log in to your WordPress dashboard and navigate to the Plugins section, where you can update the LiteSpeed Cache plugin.
“As a precautionary measure, administrators should ensure that debugging is disabled on live websites and regularly audit their plugin settings to prevent vulnerabilities from being exploited,” Umar said.
(NAN)
A.I
Sept. 30, 2024
Related Posts
UBA makes profit before tax of N401.6bn
AFRICA’s Global Bank, United Bank for Africa (UBA) Plc has released its audited financial results for the half year ended...
Read MoreNestlé Nigeria’s CEO, Wassim Elhusseini, honored at BusinessDay top 25 CEO Awards
NESTLé Nigeria is proud to announce that its Chief Executive Officer, Mr. Wassim Elhusseini, has been recognized as one of...
Read MoreMaster baker threatens to sue GTB over alleged restriction on bank account
AN Abuja-based master baker, Miss Faith Iwu, has threatened to sue the Guaranty Trust Bank (GTB) if alleged restriction placed...
Read MoreMost Read
Subscribe to Our Newsletter
Keep abreast of news and other developments from our website.