Security researchers have identified that a WordPress plugin vulnerability could allow attackers to retrieve user cookies and potentially take over websites.
The vulnerability tracked as CVE-2024-44000, exists in the popular plugin LiteSpeed Cache because it include the HTTP response header for set-cookie in the debug log file after a login request.
The debug log file is publicly accessible and an unauthenticated attacker could access the information exposed in the file and extract any user cookies stored in it and allows the attackers to log in to the affected websites as any user for which the session cookie has been leaked, including as administrators, which could lead to site takeover.
This impacts any website that had the debug feature enabled at least once if the debug log file has not been purged. Also, the plugin has a Log Cookies setting that could also leak users’ login cookies if enabled. There is no significant impact if the plugin is kept disabled.
To address the flaw, the LiteSpeed team released the LiteSpeed Cache version 6.5.0.1, but millions of websites might still be affected.
