Threat Report 13.05.24
Threat actors actively exploiting vulnerability in WordPress plugin LiteSpeed Cache
A high severity vulnerability in the WordPress plugin LiteSpeed Cache is being actively exploited by threat actors to completely take over affected WordPress sites. LiteSpeed Cache is a plugin for website performance improvement used by over 5 million websites. Statistics currently show that 16.8% of these websites are still using versions of the plugin without the fix applied for this vulnerability.
The vulnerability, tracked as CVE-2023-40000, is ranked high-severity with a CVSS score of 8.3. It is a cross-site scripting (XSS) vulnerability that, when abused, could allow an attacker to create an admin account on the targeted website, enabling a total site takeover.
To mitigate this issue, users are advised to ensure the plugin is updated to the latest version, and to review and remove any unnecessary plugins to reduce the potential attack surface. Any suspicious files or folders should also be removed.
Google releases fix for actively exploited Chrome zero-day vulnerability
Google has released an update for Google Chrome fixing a zero-day vulnerability in the software. The vulnerability is currently being actively exploited by threat actors, and is the fifth zero-day vulnerability in Chrome this year to be reportedly exploited in the wild.
The vulnerability, tracked as CVE-2024-4671, is ranked high-severity. It is a use-after-free flaw which, when exploited, could lead to data leakage, code execution, or crashes.
To protect yourself from attack, ensure Chrome is updated to the latest available version, which contains the fix for this vulnerability. This is especially important since threat actors are actively looking to take advantage of the vulnerability.
Vulnerabilities in F5’s BIG-IP Next Central Manager allow full device takeover
Two high severity vulnerabilities have been identified in F5’s Next Central Manager. The software acts as a centralised point of control for BIG-IP Next products.
Both vulnerabilities have a CVSS score of 7.5 and are ranked as high in severity. The first vulnerability is tracked as CVE-2024-21793 and is an OData injection vulnerability. The second is tracked as CVE-2024-26026 and is an SQL injection vulnerability. Both vulnerabilities, when exploited, allow an unauthenticated attacker to execute malicious SQL statements and gain full control of the affected device.
The vulnerabilities affect Next Central Manager versions from 20.0.1 to 20.1.0, and have now been addressed in version 20.2.0. It is recommended to update to the latest software version as soon as possible to prevent potential exploitation by threat actors.