The critical vulnerability CVE-2024-50550 in the LightSpeed plugin allows hackers to escalate their privileges, gaining admin control over around 6 million WordPress sites.
Researchers at Patchstack identified that due to weak hash checks in the 'role simulation' feature, the LightSpeed plugin’s security can be easily undermined by predictable hash values.
Despite the release of a patch in version 6.5.2 that improves hash randomness, about 4 million WordPress sites using the vulnerable LightSpeed version remain exposed.
This isn't the first time LightSpeed has faced vulnerabilities; earlier this year, the plugin was also impacted by another critical issue that compromised site security.
Collection
[
|
...
]