₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,329,710 members, 8,441,875 topics. Date: Thursday, 09 July 2026 at 09:37 AM

Toggle theme

NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability - Webmasters - Nairaland

Nairaland ForumScience/TechnologyWebmastersNITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability (8758 Views)

1 2 Reply (Go Down)

NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by nlfpmod(mod): 12:19pm On Oct 02, 2024
If you’re running a WordPress site in Nigeria, listen up — this is for you! The National Information Technology Development Agency just sent out a serious security alert about a new vulnerability called CVE-2024-28000, affecting over 5 million websites globally.

The problem? It’s with the LiteSpeed Cache plugin, a tool many people use to speed up their websites. Hackers can exploit this and potentially take full control of your site. Yep, it’s as bad as it sounds.

Here’s the scoop: the issue lies in the plugin’s “role simulation” feature, which gives cybercriminals admin access to your site without needing a password. Once they’re in, they can install malicious plugins, steal your data, or even redirect visitors to sketchy websites. It’s a huge deal, and you don’t want to be on the receiving end of this.

To make things worse, the attack is easy for hackers to pull off, thanks to a weak hash function and the simplicity of the exploit. They can brute force their way in or use exposed debug logs to grab admin rights. If your site gets hit, you could be dealing with data theft, site defacement, or worse, your visitors being sent to dodgy websites.

But don’t freak out just yet — there’s something you can do! NITDA recommends you update the LiteSpeed Cache plugin to the latest version (6.4.1) ASAP. You can do this in your WordPress dashboard under “Plugins.” Also, turn off debugging on live sites (it can expose sensitive info) and regularly check your plugin settings for risks.

While LiteSpeed Cache helps boost your site speed, it has had its share of vulnerabilities in the past, from cross-site scripting to privilege escalation. The key to staying safe?

Keep everything updated and stay alert for any security warnings. So, if you have not already, go update that plugin right now — your website's safety depends on it!
https://techpoint.africa/2024/10/01/techpoint-digest-934/

Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by AntiChristian: 12:24pm On Oct 02, 2024
tongue

Oya uninstall LiteSpeed Plugin...................

Oya install................ cool
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by IamANigerianMan: 12:24pm On Oct 02, 2024
Failed nitda
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by Helpfromabove1(m): 12:24pm On Oct 02, 2024
Start from warning tinubu that the hunger in the land will soon lead to revolution if he doesn’t do something about it
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by santaclaws: 12:24pm On Oct 02, 2024
Nice update from NITDA. A lot of Nigerian websites are made with WordPress , so this should come in handy.

I remember a WordPress site I worked on where we had to overhaul the entire website architecture cos there was a botnet malware on the site... WordPress is just too vulnerable these days.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by HighChiefZino: 12:27pm On Oct 02, 2024
Shit!
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by Imperare: 12:27pm On Oct 02, 2024
Who needs Wordpress when you can code everything by yourself?
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by AlbertNewton: 12:28pm On Oct 02, 2024
PLEASE I NEED SOME INFO ON THIS:

If you build and operate a website in Nigeria where your users (Nigerians) pay certain amount (through a payment gateway) to play a certain game and potentially win monetary prizes (that will be paid to their bank accounts through payment gateway), what are some legal and financial regulations that such a website has to abide by to operate legally in Nigeria ?
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by beardedboy(m): 12:30pm On Oct 02, 2024
Imperare:
Who needs Wordpress when you can code everything by yourself?
Myopic statement
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by tunjijones(m): 12:33pm On Oct 02, 2024
NITDA, that very corrupt government parastatal.

Their director was even an extemst and maybe a terrorist during Buhari regime.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by mekleelex200(m): 12:34pm On Oct 02, 2024
Imperare:
Who needs Wordpress when you can code everything by yourself?
People are lazy and it cost more money and time to code your own.
Additional, people that are called programmers in Nigeria are just templates programmers, they cannot create.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by Afonja44: 12:37pm On Oct 02, 2024
This is their job?


Spits*
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by ATEAMS: 12:37pm On Oct 02, 2024
Problems no de finish
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by iLoveYouToo(m): 12:38pm On Oct 02, 2024
Have you guys heard of the O.MG cable? 2 units available
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by Besto(m): 12:45pm On Oct 02, 2024
Small nyash dey shake.

For their mind them give update
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by wonlasewonimi: 12:45pm On Oct 02, 2024
is it this one that has CVSS of 9
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by omoredia: 12:48pm On Oct 02, 2024
Lies. I will only believe these morons until I see a functional Nigerian website that actually works and is not a chore to use
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by Fryx:
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by HawkTuah: 12:50pm On Oct 02, 2024
Imperare:
Who needs Wordpress when you can code everything by yourself?
Show us website you code by yourself
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by sparko1(m): 12:52pm On Oct 02, 2024
AntiChristian:
tongue

Oya uninstall LiteSpeed Plugin...................

Oya install................ cool
Even version 6.5.1 is already out, this is like old news.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by bassdow:
santaclaws:
Now I get what, what you mean... You just build around the template to avoid too much background work... Correct guy 👊🏾
not just building around the template. I ditch almost all things WORDPRESS including filters and actions, and global variables. Just pure PHP. Wordpress only takes charges mostly on admin area.

Even the wp_posts table and most other core WordPress default tables are rarely used. Even the WordPress menu is heavily cached that it's only refreshed on EDIT and access from cache using raw PHP.

More like a headLess WordPress but still on Wordpress. Means even the WP_Query class, the global $wp_query variable and lots of others gets completely disabled.

In fact WordPress ain't even given any chance to run at all except you're accessing the admin area.

These were the things I did before completely moving away from PHP. I still right PHP though either via my own custom frameWork, or via WordPress if need be.
All about using the right tool for the right task
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by wealthpreach(m): 12:57pm On Oct 02, 2024
Back up your files and download them. In case of a possible attack, you can always delete the WordPress installation and restore your backed-up files in a new database.


Also, ensure to use a hosting company that gives an F. The last time I came under attack, my hosting providers fixed everything promptly.

In my case, the malware recreated itself even on the new installation. So, I had to create a new account, where they transferred my subscription. I then installed the old files I had backed up a while ago.

As for the articles that were not on the old files, I had to restore them using Google Cache.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by bassdow:
Ain't this for those using wordPress on LiteSpeed webServer na


santaclaws:
Nice update from NITDA. A lot of Nigerian websites are made with WordPress , so this should come in handy.

I remember a WordPress site I worked on where we had to overhaul the entire website architecture cos there was a botnet malware on the site... WordPress is just too vulnerable these days.
At the bolded, it's those who called themselves developers that make wordPress look vulnerable. Rarely use wordPress but when I do, I use it as frameWork.

Let's not even speak of those that installs plugin for all functionalities; and lots of plugins and/ or themes are even poorly coded.

The Core of wordPress it's self ain't [really] vulnerable
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by noskcid(m): 1:13pm On Oct 02, 2024
beardedboy:
Myopic statement
Very myopic
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by noskcid(m): 1:13pm On Oct 02, 2024
Your Wordpress plugins won’t even function fine if you don’t update it in the first place.

Nigeria government agencies can post outdated info just to make the naive ones believe they are working.

I know better.

Nigerian government no fit build tech schools all these years not to talk of subsidizing it.
Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by crentina(f):
It's good, this part of their job. Reach us for free consultation

AlbertNewton:
PLEASE I NEED SOME INFO ON THIS:
If you build and operate a website in Nigeria where your users (Nigerians) pay certain amount (through a payment gateway) to play a certain game and potentially win monetary prizes (that will be paid to their bank accounts through payment gateway), what are some legal and...

Re: NITDA Warns Wordpress Users Against CVE-2024-28000 Vulnerability by en0uwem: 1:16pm On Oct 02, 2024
Since August!!
1 2 Reply

NITDA Warns Wordpress Users In NigeriaWordpress Users:- Don’t Use This Two Plugins At Same TimeWordpress Users:- Don’t Use This Two Cache Plugins At Same Time234

What Does This Message From Adsense Means» 5 Untrue Stories About Getting Google Adsense Aproval3 Major Ways, One Fundamental Tip For Blog's Traffic