A critical vulnerability has been identified in the LiteSpeed Cache plugin, a widely adopted WordPress plugin installed on numerous websites, surpassing 4 million installations. This vulnerability, designated as CVE-2023-40000, presents a significant security risk, potentially allowing threat actors to compromise affected websites and execute malicious code.

Affected Systems:

• WordPress LiteSpeed Cache plugin versions up to 5.6

Security Risks

The identified vulnerability exposes websites to multiple risks, including unauthorized access, data breaches, and potential defacement. Adversaries can exploit this flaw due to an inadequacy in input sanitization, enabling them to inject and execute arbitrary code on vulnerable websites.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Update, as soon as possible, to the latest supported version for the WordPress LiteSpeed Cache plugin in order to address the vulnerability and effectively mitigate associated risks.

 The latest WordPress LiteSpeed Cache plugin releases, to update to, is:

• WordPress LiteSpeed Cache plugin to version 6.1.

• Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• LiteSpeed Cache – WordPress plugin | WordPress.org