LiteSpeed Cache for WordPress Security Update: Your Site is Protected

At NoFrillsCloud, we’re committed to keeping your website secure. We recently became aware of a vulnerability in older versions of the LiteSpeed Cache for WordPress plugin. We’ve taken immediate action to protect our customers, and we’ll guide you through any additional steps you may need to take.

The Vulnerability

A cross-site scripting (XSS) vulnerability was found in LiteSpeed Cache versions 5.7 and below.

The vulnerability could have let attackers steal website information or gain control, even without having to log in. This happened because the plugin wasn’t properly checking and cleaning the data it received, which left an opening for attackers to exploit. The good news is that this issue has been fixed in plugin versions 5.7.0.1 and later. If you have the latest version installed, your website is protected from this specific threat.

For more technical users: This was a stored XSS vulnerability combined with improper access controls. It has been assigned the identifier CVE-2023-40000. For more technical details, please refer to the security advisory by Patchstack.

Actions Taken by NoFrillsCloud

We take security seriously. That’s why we acted immediately upon learning of the LiteSpeed Cache vulnerability.

All NoFrillsCloud customers using affected plugin versions have been automatically upgraded to version 5.7.0.1 (or newer) for protection against this specific threat. You didn’t have to do a thing – your websites are secure!

If you manage WordPress websites hosted elsewhere that run a LiteSpeed Cache version older than 5.7.0.1, please update to the latest version immediately. You can do this through your WordPress dashboard. The latest versions of LiteSpeed Cache often include performance improvements and new features, so updating is a win-win.
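For anyone checking several self-managed sites at once, the script below is an added example (not NoFrillsCloud or LiteSpeed code) that reads the plugin's `Version:` header on disk and flags anything older than 5.7.0.1. It assumes the default plugin path `wp-content/plugins/litespeed-cache/litespeed-cache.php`; the function names are hypothetical. Versions are compared field by field because a plain string comparison handles 5.7 against 5.7.0.1 unreliably.

```shell
#!/bin/sh
# Added example: flag WordPress roots running LiteSpeed Cache older than 5.7.0.1.
# Assumes the default plugin path; function names are hypothetical.
FIXED="5.7.0.1"   # first fixed release named in the post

# Return 0 when dotted version $1 is lower than $2. Missing fields count as 0,
# so "5.7" is compared as 5.7.0.0 and sorts below 5.7.0.1.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                    # leading field of each side
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}          # keep leading digits only
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                      # equal versions
}

# Print the Version header from the plugin's main file under WordPress root $1.
plugin_version() {
    f="$1/wp-content/plugins/litespeed-cache/litespeed-cache.php"
    [ -r "$f" ] || return 1
    sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([^[:space:]]*\).*|\1|p' "$f" | head -n 1
}

# Print "<status> <version> <root>" for one WordPress root.
audit_site() {
    v=$(plugin_version "$1") || { echo "NOT_INSTALLED - $1"; return 0; }
    if [ -z "$v" ]; then
        echo "UNKNOWN - $1"
    elif version_lt "$v" "$FIXED"; then
        echo "VULNERABLE $v $1"
    else
        echo "OK $v $1"
    fi
}

# Usage: sh audit.sh /var/www/site1 /var/www/site2 ...
for root in "$@"; do
    audit_site "$root"
done
```

Any root reported as `VULNERABLE` should be updated from its WordPress dashboard as described above.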

Proactive protection is our priority. We constantly monitor security alerts and take decisive action to safeguard your websites. We’ll continue to keep you informed about critical updates and security recommendations.