Nigeria warns Wordpress users as security flaw hits 5 million sites

Nigeria warns WordPress users as security flaw hits 5 million sites

Nigeria has issued an urgent warning about a critical security flaw that has affected over five million WordPress sites using the popular LiteSpeed Cache plugin.

The flaw allows attackers to gain full control of the affected websites without any authentication on the Litespeed cache, a popular plugin that is used to make WordPress sites load faster, and improve websites performance by storing frequently accessed data in a cache.

nigeria-warns-of-wordpress-litespeed-cache-flaw — Kashifu Inuwa Abdullahi, Director-General, NITDA.

NITDA: WordPress security flaw could cause data theft

According to the Nigeria Information Technology Development Agency (NITDA), the Federal IT agency that issued the warning, the vulnerability stems from a defect in the plugin’s “role simulation” feature. If exploited, attackers can manipulate this flaw to obtain administrative access, which could lead to severe consequences, including the installation of malicious plugins, data theft, and redirecting site visitors to harmful websites.

NITDA said in the statement that “the simplicity of the attack vector, combined with a weak hash function, makes it easy for attackers to exploit this vulnerability by guessing via brute-forcing or exploiting exposed debug logs.”

The implications of CVE-2024-28000 are significant, especially given the millions of installations of the LiteSpeed Cache plugin, the agency warned while adding that the potential for widespread exploitation raises alarms about an increase in cyberattacks targeting vulnerable sites.

To mitigate this, NITDA strongly advises website administrators using the LiteSpeed Cache plugin to update to the latest version, 6.4.1, as soon as possible. To perform the update, log in to your WordPress dashboard, navigate to the “Plugins” section, and apply the necessary updates.

NITDA: New community IT Centre in Lagos to drive grassroots digital inclusion

Governor lauds ‘decentralisation’ as NITDA launches South East unit in Enugu

AI Revolution: Nigeria urges African leaders to lead with co-intelligence

Abuja Start-up Hub: Nigeria secures ₦19 billion grant from Japan

NITDA, DBI forge ties to standardise digital literacy in Nigeria

Project Exit: NITDA, NFIU join forces on anti-money laundering

New phishing attack exploiting Microsoft tools, NITDA warns

NITDA trains 45,000 Nigerians in digital literacy in 2024, eyes 30 million by 2030

NITDA evaluates IT readiness of States in Nigeria

NITDA to Nigerians: Holiday shopping scams on the rise, stay alert

Additionally, website administrators should disable debugging and conduct regular audits as a preventive measure. “Ensure that debugging is turned off on live websites to reduce exposure to attacks,” and “conduct regular audits of plugin settings and configurations to identify and address potential vulnerabilities,” NITDA said.