Security News > 2024 > May > Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
LiteSpeed Cache is advertised as a caching plugin used in over five million WordPress sites that helps speed up page loads, improve visitor experience, and boost Google Search ranking.
The ability to create admin accounts on WordPress sites gives attackers full control over the website, allowing them to modify content, install plugins, change critical settings, redirect traffic to unsafe sites, distribute malware, phishing, or steal available user data.
WordPress site admins are recommended to update plugins to the latest version, remove or disable components that are not needed, and monitor for new admin accounts being created.
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites.
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware.
News URL
Related news
- LiteSpeed Cache WordPress plugin bug lets hackers get admin access (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)