Oliver Sild, founder of Patchstack, explained to Search Engine Journal how this vulnerability was discovered and warned that updating the plugin is not enough: users still need to manually purge their debug logs.
He shared these specifics about the vulnerability:
“It was found by our internal researcher after we processed the vulnerability from a few weeks ago.
Important thing to keep in mind with this new vulnerability is that even when it gets patched, the users still need to purge their debug logs manually. It’s also a good reminder not to keep debug mode enabled in production.”
Recommended Course of Action
Patchstack recommends that users of the LiteSpeed Cache WordPress plugin update to at least version 6.5.0.1.
Read the advisory at Patchstack:
Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin