ALERT: ITS IA Alert for LiteSpeed Cache Plugin

A critical vulnerability in the LiteSpeed Cache plugin for WordPress allows threat actors to spoof credentials and gain admin privileges on affected sites.

An incorrect privilege assignment vulnerability in LiteSpeed Cache versions prior to 6.4 allows unauthenticated site visitors to perform privilege escalation and can allow threat actors to gain administrative privileges on affected systems.

To see if the LiteSpeed plugin is installed on your WordPress server:

• From the admin dashboard: click on Plugins in the left menu. This will show which plugins are installed and activated. The plugin version is listed after its description.
• From the command line: The command wp plugin list will list what plugins are installed, along with the version and status for each one. The command wp plugin update can be used to update the plugin to the latest version, or wp plugin delete can be used to uninstall it.  Adding --help to any of these commands displays instructions on how to use that command.

Update LiteSpeed Cache plugin to version 6.4 or later. The need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Updates can be performed from the admin dashboard, or using the command line as noted above.

If you have LiteSpeed installed but not activated, you should delete it or update it before activating. Do not activate older versions of the plugin!

Please contact ITS Information Assurance through the ITS Service Center.

• Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites (Patchstack, 8-21-2024)
• Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin (Wordfence, 8-21-2024)