If you’re running a WordPress site in Nigeria, this is an alert you can’t afford to ignore! The National Information Technology Development Agency (NITDA) has just issued a critical security warning about a vulnerability affecting millions of websites worldwide, including yours.
The threat? A vulnerability known as CVE-2024-28000, which impacts the widely used LiteSpeed Cache plugin.
Hackers can exploit a weakness in LiteSpeed Cache’s “role simulation” feature, giving them admin access to your site without needing a password. This flaw opens the door to all kinds of trouble. Once inside, cybercriminals can install malicious plugins, steal your data, or even redirect visitors to unsafe websites.
To make matters worse, the attack is so simple to execute. Hackers can brute force their way in or use exposed debug logs to gain admin rights. If your site falls victim, you could face data theft, site defacement, or worse — visitors being sent to shady websites.
There’s a quick fix for all these. NITDA urges all WordPress site owners to immediately update the LiteSpeed Cache plugin to the latest version (6.4.1). You can do this through your WordPress dashboard under the “Plugins” section. Also, make sure to disable debugging on live sites as it can expose sensitive information and regularly review your plugin settings for any potential risks.
LiteSpeed Cache is known for boosting website speed, but this isn’t its first vulnerability. Past issues have included cross-site scripting and privilege escalation, making regular updates crucial for your site’s security.
Update your LiteSpeed Cache plugin now.
