The technical explanation by Patchstack:
“The vulnerability exploits a user simulation feature in the plugin which is protected by a weak security hash that uses known values.
…Unfortunately, this security hash generation suffers from several problems that make its possible values known.”
Recommendation
Users of the LiteSpeed WordPress plugin are encouraged to update their sites immediately because hackers may be hunting for WordPress sites to exploit. The vulnerability was fixed in version 6.4.1 on August 19th.
Users of the Patchstack WordPress security solution receive instant mitigation of vulnerabilities. Patchstack is available in a free version and the paid version costs as little as $5/month.
Read more about the vulnerability:
Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites