CyberSecurityBoard
Sponsor Register Login

WordPress Vulnerabilities, Exploiting LiteSpeed Cache and Email Subscribers Plugins

Learn about the critical vulnerabilities in LiteSpeed Cache and Email Subscribers plugins for WordPress, exploited by hackers to create admin account.
In recent cybersecurity developments, hackers have been leveraging a critical vulnerability within the LiteSpeed Cache plugin for WordPress to exploit websites running outdated versions.
LiteSpeed Cache, a popular caching plugin utilized by over five million WordPress sites, is designed to enhance page load times, improve user experience, and boost search engine rankings.
Security experts at Automattic's security team, WPScan, have observed a significant increase in malicious activities targeting WordPress sites with versions of the LiteSpeed Cache plugin older than 5.7.0.1.
The vulnerability in question, tracked as CVE-2023-40000, is a high-severity unauthenticated cross-site scripting flaw.
Attackers are taking advantage of this vulnerability to inject malicious JavaScript code into critical WordPress files or the database of vulnerable websites.
They are able to create administrator-level user accounts with specific names like 'wpsupp-user' or 'wp-configuser.
Despite efforts by many LiteSpeed Cache users to update to newer, non-vulnerable versions, an alarming number of sites-up to 1,835,000-still operate on outdated releases, leaving them susceptible to exploitation.
This vulnerability, affecting plugin versions 5.7.14 and older, allows attackers to execute unauthorized queries on databases, thereby creating new administrator accounts on vulnerable WordPress sites.
To address these threats effectively, WordPress site administrators are urged to promptly update plugins to the latest versions, remove unnecessary components, and remain vigilant for signs of suspicious activity, such as the sudden creation of new admin accounts.
In the event of a confirmed breach, comprehensive cleanup measures are essential, including the deletion of rogue accounts, password resets for all existing accounts, and the restoration of clean backups for both the database and site files.
By staying proactive and implementing robust security practices, website owners can minimize the risk of falling victim to such malicious activities and safeguard their online assets effectively.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 12 May 2024 14:28:06 +0000


Cyber News related to WordPress Vulnerabilities, Exploiting LiteSpeed Cache and Email Subscribers Plugins

WordPress Vulnerabilities, Exploiting LiteSpeed Cache and Email Subscribers Plugins - Learn about the critical vulnerabilities in LiteSpeed Cache and Email Subscribers plugins for WordPress, exploited by hackers to create admin account. In recent cybersecurity developments, hackers have been leveraging a critical vulnerability within ...
5 months ago Cysecurity.news
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack - On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. We immediately notified the WordPress Plugin's Team and they removed the ...
4 months ago Wordfence.com
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords - Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits the ...
4 months ago Wordfence.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
11 months ago Cybersecuritynews.com
How Purge Cache Keeps Your Website Content Fresh and Responsive - By bringing content closer to each visitor, CDNs improve performance and reduce load on the origin server - caching is the raison d'etre for CDNs. The reason for this is a CDN's effectiveness can be measured by the cache hit ratio, which is the ...
10 months ago Imperva.com
CVE-2023-2813 - All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before ...
1 year ago
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
9 months ago Securityzap.com
75K+ WordPress Sites Impacted by Critical Plugin Flaws - A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over ...
1 year ago Bleepingcomputer.com
WordPress Request Architecture and Hooks - Before diving into the security features of WordPress, it's critical to understand the underlying request architecture. WordPress is a dynamic system that processes and responds to user requests in various ways, depending on the nature of the request ...
4 months ago Wordfence.com
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence - In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress ...
7 months ago Wordfence.com
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
10 months ago Techtarget.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
9 months ago Securityboulevard.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
1 month ago Wordfence.com
February 1, 2024: A Date All Email Senders Should Care About - For any organization sending bulk email or high email volumes to Google and Yahoo accounts, there's one date you should have flagged on your calendar. On February 1st, guidance indicates you'll need to pay attention if you are sending over 5000 ...
9 months ago Feedpress.me
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
10 months ago Itsecurityguru.org
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
10 months ago Itsecurityguru.org
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
9 months ago Securityboulevard.com
Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
11 months ago Bleepingcomputer.com
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
1 year ago
ChatGPT Extensions Could be Exploited to Steal Data and Sensitive Information - API security professionals Salt Security have released new threat research from Salt Labs highlighting critical security flaws within ChatGPT plugins, presenting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT access and ...
7 months ago Itsecurityguru.org
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack - After adding the malicious code to our Threat Intelligence Database and examining it, we quickly discovered that several other plugins were also affected. We will begin with the Blaze Widget plugin which saw the largest amount of activity in terms of ...
4 months ago Wordfence.com
CVE-2021-41589 - In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous ...
3 years ago
How to Encrypt Emails in Outlook? - If you are sending out a confidential email and are scared of its content getting tampered with in transit, then you should learn how to encrypt an email in Outlook. As of 2023, the global email encryption market size is USD 6.2 billion, which is ...
10 months ago Securityboulevard.com
Code Execution Update: Improve WordPress Security - In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, triggered by the ...
10 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)