WordPress website owners beware! Two recent security threats highlight the importance of keeping your website up-to-date and implementing strong security practices.
1. LiteSpeed Cache Vulnerability Under Attack (CVE-2023-40000):
Recent research highlights a critical vulnerability (CVE-2023-40000) in the popular LiteSpeed Cache plugin that exposes websites to complete takeover. Attackers can exploit this flaw to create administrator accounts, granting them full control over the compromised site’s content, configuration, and user data.
2. Mal.Metrica Redirects Users to Scam Sites:
- Adding to the security research, Sucuri’s blog (dns.startservicefounds[.]com and api.startservicefounds[.]com) details a new scam campaign targeting compromised WordPress websites.
- This Mal.Metrica exploit redirects users to fraudulent websites, potentially leading to data theft or malware infection.
WPScan Researchers’ Cleanup Procedures
- Review installed plugins, apply any available updates, and delete folders associated with suspicious plugins.
- Watch out for malicious users with admin privileges, such as wpsupp-user and wp-configuser.
- Search the database for suspicious strings like “eval(atob(Strings.fromCharCode”, specifically in the option litespeed.admin_display.messages.
According to WPScan, attackers may inject this script into vulnerable versions of the LiteSpeed plugin.
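The two database checks from the list above, as an added example that is not from WPScan or the original article. It assumes the default `wp_` table prefix and uses an in-memory SQLite database with constructed rows as a stand-in for the site's MySQL database; the `audit` and `sample_db` names are hypothetical.

```python
import sqlite3

# Indicators from the cleanup list above (usernames typed with ASCII hyphens).
ROGUE_ADMINS = ("wpsupp-user", "wp-configuser")
MARKER = "eval(atob(Strings.fromCharCode"
OPTION = "litespeed.admin_display.messages"

def audit(db):
    """Return (flagged admin logins, names of options containing MARKER)."""
    marks = ",".join("?" * len(ROGUE_ADMINS))
    admins = [row[0] for row in db.execute(
        "SELECT u.user_login FROM wp_users u "
        "JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' "
        "AND m.meta_value LIKE '%administrator%' "
        f"AND u.user_login IN ({marks}) ORDER BY u.user_login",
        ROGUE_ADMINS)]
    # INSTR is a literal substring match, so '(' and '.' need no escaping.
    # The option named by WPScan sorts first; other hits follow.
    options = [row[0] for row in db.execute(
        "SELECT option_name FROM wp_options WHERE INSTR(option_value, ?) > 0 "
        "ORDER BY option_name = ? DESC, option_name", (MARKER, OPTION))]
    return admins, options

def sample_db():
    """Constructed rows for illustration; not data from a real site."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);"
        "CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);"
        "CREATE TABLE wp_options (option_name TEXT, option_value TEXT);")
    admin = 'a:1:{s:13:"administrator";b:1;}'   # serialized role array
    author = 'a:1:{s:6:"author";b:1;}'
    db.executemany("INSERT INTO wp_users VALUES (?, ?)",
                   [(1, "siteowner"), (2, "wpsupp-user"), (3, "author1")])
    db.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                   [(1, admin), (2, admin), (3, author)])
    db.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("blogname", "Example Site"),
        (OPTION, "<script>" + MARKER + "(/* placeholder */)))</script>"),
        ("widget_text", "harmless text")])
    return db

if __name__ == "__main__":
    print(audit(sample_db()))
```

Both SELECT statements use only syntax that MySQL also accepts, so they can be run against the live database once the `?` placeholders are filled in.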
Patch Available, But Many Remain Vulnerable
The good news is that a patch for this vulnerability was released by LiteSpeed Cache in October 2023. However, the article points out that many websites are still using outdated, vulnerable versions of the plugin. This leaves them exposed to potential attacks.
What WordPress Users Should Do:
Here’s a critical action plan to protect your website:
- Update LiteSpeed Cache Immediately: Check your WordPress dashboard and update the LiteSpeed Cache plugin to version 5.9.0 or later. This patch addresses the CVE-2023-40000 vulnerability.
- Scan for Malicious Code: Even after updating, it’s wise to scan your website for any suspicious files injected by attackers. Consider using a security plugin or website scanner for this purpose.
- Delete Unused Administrator Accounts: Review your administrator accounts and delete any you don’t recognize or haven’t used recently.
- Maintain Updates on All Plugins and Themes: Regularly update WordPress core, themes, and all other plugins to benefit from the latest security patches. Outdated software is a major target for attackers.
- Consider a Security Scanner: Implementing a security scanner can help identify and address potential vulnerabilities on your website before attackers exploit them.
Keep Your Plugins and WordPress CMS Updated
This incident highlights the importance of staying vigilant about WordPress security. Regularly update your WordPress core, themes, and plugins to benefit from the latest security patches. Additionally, consider using a security scanner to identify and address potential vulnerabilities on your website.