Security News > 2024 > May > Hackers exploit LiteSpeed Cache flaw to create WordPress admins

Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
LiteSpeed Cache is advertised as a caching plugin used in over five million WordPress sites that helps speed up page loads, improve visitor experience, and boost Google Search ranking.
The ability to create admin accounts on WordPress sites gives attackers full control over the website, allowing them to modify content, install plugins, change critical settings, redirect traffic to unsafe sites, distribute malware, phishing, or steal available user data.
WordPress site admins are recommended to update plugins to the latest version, remove or disable components that are not needed, and monitor for new admin accounts being created.
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites.
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware.
News URL
Related news
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- The 4 WordPress flaws hackers targeted the most in Q1 2025 (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Hackers abuse WordPress MU-Plugins to hide malicious code (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)