Hackers can exploit LiteSpeed Cache plugin to control WordPress sites
TechRadar — May 8, 2024, 09:00 PM UTC
Summary: A high-severity flaw in LiteSpeed Cache plugin for WordPress, tracked as CVE-2023-40000, allows hackers to create admin accounts by injecting malicious JavaScript. Over 1.8 million users are at risk with versions 5.7.0.1 or older. The current version, 6.2.0.1, is secure. One threat actor made over a million probing requests in April 2024. Users are urged to update to the latest version and remove unused plugins and themes.
Article metrics
Significance6.3
Scale7.0
Magnitude7.5
Potential8.5
Novelty6.0
Actionability9.0
Immediacy8.0
Positivity4.0
Credibility9.0