By Yahaya Sule , Abuja 

The National Information Technology Development Agency (NITDA) has sent out a serious security alert about a new vulnerability called CVE-2024-28000, affecting over 5 million websites globally.

It identify the LiteSpeed Cache plugin, a tool many people use to speed up their websites as the major problem which Hackers can exploit and potentially take full control of a site.

the issue lies in the plugin’s “role simulation” feature, which gives cybercriminals admin access to a site without needing a password.

This, it warned enable them to install malicious plugins, steal data, or even redirect visitors to sketchy websites.

To make things worse, the attack is easy for hackers to pull off, thanks to a weak hash function and the simplicity of the exploit. They can brute force their way in or use exposed debug logs to grab admin rights. If your site gets hit, you could be dealing with data theft, site defacement, or worse, your visitors being sent to dodgy websites.

What to do?

NITDA recommends you update the LiteSpeed Cache plugin to the latest version (6.4.1) ASAP. You can do this in your WordPress dashboard under “Plugins.” Also, turn off debugging on live sites (it can expose sensitive info) and regularly check your plugin settings for risks.

While LiteSpeed Cache helps boost your site speed, it has had its share of vulnerabilities in the past, from cross-site scripting to privilege escalation.