The National Information Technology Development Agency (NITDA) has issued a critical warning to WordPress users in Nigeria regarding a newly discovered security vulnerability, CVE-2024-28000, which threatens over five million websites globally.
In an official statement, NITDA explained that this vulnerability affects the LiteSpeed Cache plugin, a popular tool used to enhance website performance. The flaw stems from the plugin’s “role simulation” feature, which could allow cybercriminals to gain unauthorized administrative access to websites without needing a password. Once inside, attackers can install malicious plugins, steal sensitive data, or even redirect visitors to harmful sites.
NITDA stressed that the simplicity of the exploit, combined with a weak hash function, makes it easy for hackers to brute force their way into websites. Furthermore, exposed debug logs can be manipulated to gain administrative privileges, leaving websites at risk of data theft, defacement, and phishing scams.
To mitigate the risk, NITDA strongly advised all WordPress users to immediately update the LiteSpeed Cache plugin to version 6.4.1. Website administrators can do this by logging into their WordPress dashboard, navigating to the “Plugins” section, and ensuring their plugin is up to date. The agency also urged users to disable debugging on live sites and regularly review plugin settings to minimize security vulnerabilities.
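A defender-side check for the two mitigations above (LiteSpeed Cache at version 6.4.1 or later, debugging switched off on the live site), written here as an added example in POSIX shell; it is not NITDA's or LiteSpeed's code. It assumes a standard WordPress layout under WP_ROOT, and the plugin header and wp-config.php it writes into a temporary directory are constructed stand-ins (including the sample version number) rather than files from any real site.

```shell
#!/bin/sh
# Constructed sample install in a temp dir; point WP_ROOT at a real site instead.
WP_ROOT="${WP_ROOT:-$(mktemp -d)}"
mkdir -p "$WP_ROOT/wp-content/plugins/litespeed-cache"
cat > "$WP_ROOT/wp-content/plugins/litespeed-cache/litespeed-cache.php" <<'EOF'
<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.3.0
 */
EOF
# (6.3.0 is a constructed value chosen to sit below the fixed release 6.4.1.)
cat > "$WP_ROOT/wp-config.php" <<'EOF'
<?php
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
EOF

# Print the installed LiteSpeed Cache version from the plugin file header.
# Fails (non-zero) when the plugin file is not present or readable.
lscache_version() {
  f="$1/wp-content/plugins/litespeed-cache/litespeed-cache.php"
  [ -r "$f" ] || return 1
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*//p' "$f" | head -n 1
}

# Succeed when "$1" >= "$2" in dotted-version order (sort -V orders versions).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Succeed when wp-config.php turns on WP_DEBUG or WP_DEBUG_LOG (debug logs written).
debug_enabled() {
  grep -Eq "define\([[:space:]]*'WP_DEBUG(_LOG)?'[[:space:]]*,[[:space:]]*true" "$1/wp-config.php"
}

# One verdict line per check, so the result can be consumed by scripts or tests.
audit() {
  v=$(lscache_version "$1") || { echo "plugin-missing"; return 0; }
  if version_ge "$v" 6.4.1; then echo "plugin-ok:$v"; else echo "plugin-vulnerable:$v"; fi
  if debug_enabled "$1"; then echo "debug-on"; else echo "debug-off"; fi
}

audit "$WP_ROOT"
```

Run it against a live install with `WP_ROOT=/var/www/html sh audit.sh`; any `plugin-vulnerable` or `debug-on` line is a finding to act on.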
This security issue poses a significant threat, especially to businesses in Nigeria that rely on WordPress for their online presence. The implications of a breach could include financial loss and severe reputational damage.
NITDA’s warning underscores the need for swift action, as cybercriminals continue to exploit weaknesses in commonly used tools. NITDA urges WordPress users to follow these recommendations to protect their websites, their data and their users.
The agency emphasized that although LiteSpeed Cache improves site speed, its vulnerabilities require constant vigilance to prevent exploitation.