Hackers can exploit LiteSpeed Cache plugin to control WordPress sites

Summary: A high-severity flaw in LiteSpeed Cache plugin for WordPress, tracked as CVE-2023-40000, allows hackers to create admin accounts by injecting malicious JavaScript. Over 1.8 million users are at risk with versions 5.7.0.1 or older. The current version, 6.2.0.1, is secure. One threat actor made over a million probing requests in April 2024. Users are urged to update to the latest version and remove unused plugins and themes.

Full article