NITDA Urges LiteSpeed Cache Users to Update for Website Security

The National Information Technology Development Agency (NITDA) has urged users of the LiteSpeed Cache plugin for WordPress to update to version 6.4.1 to safeguard their websites from potential attacks.

In a statement on Monday, Mrs. Hadiza Umar, Director of Corporate Affairs and External Relations, highlighted that the LiteSpeed Cache for WordPress (LSCWP), which optimizes site performance, has a critical security vulnerability (CVE-2024-28000) impacting over five million websites.

WordPress LiteSpeed Cache Plugin Vulnerability 🚨#BeCyberSmart pic.twitter.com/SmdUZE4mM8

— NITDA Nigeria (@NITDANigeria) September 29, 2024

This flaw, found in the plugin’s role simulation feature, allows attackers to gain complete administrative control without authentication, potentially resulting in the installation of malicious plugins, data theft, or site visitor redirection to harmful sites.

Also Read: NITDA warns Nigerians about new email-based attacks

Umar emphasized the ease of exploiting this vulnerability due to a weak hash function and exposed debug logs.

Website administrators are strongly advised to update immediately through the WordPress dashboard and ensure debugging is disabled on live sites while regularly reviewing plugin settings to prevent similar issues.

“As a precautionary measure, administrators should ensure that debugging is disabled on live websites and regularly audit their plugin settings to prevent vulnerabilities from being exploited,” Umar said.