Securing Your WordPress Site: LiteSpeed’s LSWCP Vulnerability and Upgrade

Securing Your WordPress Site: LiteSpeed’s LSWCP Vulnerability and Upgrade

Share this article

If you’re a WordPress user, and you use the LiteSpeed Cache plugin, please be aware that a vulnerability in the plugin, identified as CVE-2023-40000 poses a significant risk. The flaw allows unauthorized users to escalate their privileges and gain higher levels of access. A cyber security nightmare!

Rest assured, WHC has swiftly updated to the latest, secure version of the LiteSpeed Cache for WordPress (LSCWP) plugin effectively patching the vulnerability, wherever we had access and permission.

LiteSpeed Cache for WordPress is a powerful plugin designed to accelerate websites performance and scalability. This tool boosts website speed and handles more visitors by reducing server load, ensuring pages load quickly for a smoother user experience.

Who is impacted?

This vulnerability affects WordPress installations that use LiteSpeed Cache for WordPress (LSCWP) with versions older than 5.7. The LiteSpeed Web Server itself is not affected by this vulnerability. The other cache plugins (Joomla, Laravel, OpenCart, Prestashop, etc.) are not reported to be affected by the present vulnerability.

What’s the vulnerability?

The LiteSpeed Cache vulnerability allows hackers to perform site-wide stored cross-site scripting (XSS) attacks. This enables attackers to inject malicious scripts, steal your data and potentially gain unauthorized access and control over your WordPress site if the vulnerability is not patched.

What we’ve done

  1. Updated LiteSpeed Cache for WordPress (LSCWP) Plugin: The WHC Team upgraded to the latest, secure version, eliminating the vulnerability for all eligible WordPress installations accessible via our automation tools. (Web hosting clients with active LSWCP plugin already enabled)
  2. Provide assistance for Cloud and Dedicated servers’ clients on cPanel who are using LiteSpeed Web Server. These clients should upgrade the LSWCP Plugin via the tool named LSCWP Version Manager inside their WHM interface. Contact support if you need help using the version manager tool.
  3. Continuous Monitoring: Our team continues to keep an eye on potential threats, ready to act.

Stay informed and secure

CVE-2023-40000 isn't the first vulnerability, and it won't be the last. In today’s online world, Cybersecurity is more important than ever. That’s why WHC stays proactive to keep your online presence secure and your information safe.

Keeping you informed is important, as we value transparency. If you have any questions, our team is ready to answer them, 24/7. Thank you for placing your trust in us.

About the author: Marie-Eve Petit

Marie-Eve is WHC’s Marketing Manager and a true word nerd. She loves keeping busy creating content, writing blogs or conversion copy. She also spends way too much time on Twitter and enjoys meditating with a Spritz in hand.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC