Lightspeed critical escalation vulnerability

  • Resolved guckmada

    (@guckmada)


    3 months ago

    Hi,

    after reciving your e-mail today i looked at the installation.

    The Lightspeed plugin contents a folder named: Thirdparty

    There a files that are updated 5:13 German time yesterday:

    • aelia-currencyswitcher.cls.php
    • amp.cls.php
    • avada.cls.php
    • bbpress.cls.php and many other php files.

    In folder Lightspeed-cache/data/ is a file named advanced.data including code like

    [“_version”, “5.3”] [“guest”, true] and other for me suspicious looking codes.

    Is this hacked or what can / should i do?

    Best regards

    guckmada

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @guckmada,

    Which email are you referring to? The original files of WordPress itself or themes/plugins installed within WordPress itself are publicly available to anybody, including past versions, so you can check for valid paths/filenames or view their contents to compare them with your own.

    The ones you’ve mentioned are perfectly valid for Litespeed Cache. Wordfence would flag differences after a scan if they shouldn’t be there at all, or their contents have been changed on your site from the ones seen in the repository: https://plugins.trac.www.ads-software.com/browser/litespeed-cache/tags/6.4.1#thirdparty

    The advanced.data file looks like it lives in the litespeed-cache/data/preset folder on installation but its contents seem to match the example you’ve given above.

    Many thanks,
    Peter.

    Thread Starter guckmada

    (@guckmada)

    Hi Peter,

    thank you for your top answer! I am a receiving the newsletter from Wordfence ??

    Best regards

    Guckmada

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.