Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

2024-05-08 07:03

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user

News URL

https://thehackernews.com/2024/05/hackers-exploiting-litespeed-cache-bug.html

#cache #hacker #wordpress #CVE-2023-40000

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-16	CVE-2023-40000	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. CWE-79	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	407	104	29	576

News URL

Related news

Related Vulnerability

Related vendor