Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin
Description

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.

On August 19th, 2024, the Wordfence Threat Intelligence team discovered that a critical vulnerability was patched in LiteSpeed Cache, a WordPress plugin installed on over 5,000,000 sites. We found that it is possible for an unauthenticated attacker to spoof their user ID in vulnerable versions, which ultimately makes it possible for them to register as an administrative-level user and completely take over a WordPress site.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on August 20th, 2024. Sites using the free version of Wordfence will receive the same protection 30 days later on September 19th, 2024.

While this vulnerability was not reported to the Wordfence Bug Bounty Program, it would’ve likely been awarded a bounty of around $23,400 – $31,200 during our ongoing Superhero Challenge, given the information we know about the vulnerability.

We strongly advise users to update their sites with the latest patched version of LiteSpeed Cache, version 6.4.1 at the time of this writing, as soon as possible. We have no doubts that this vulnerability will be…
