Watch out — hackers can exploit this plugin to gain full control of your WordPress site

Older versions of LiteSpeed Cache, a widely used caching plugin for the WordPress content management system, contain a critical vulnerability that attackers are increasingly exploiting to create administrator accounts on affected sites.

The flaw is an unauthenticated stored cross-site scripting (XSS) vulnerability tracked as CVE-2023-40000, with a CVSS severity rating of 8.8. The attacker needs no account: the plugin lets malicious JavaScript be written into a plugin option stored in the WordPress database, and that value is later rendered in the administration dashboard. When a logged-in administrator opens the affected page, the script runs in their browser with their privileges and can create new administrator accounts that hand the attacker full control of the site. Those accounts can then be used to alter content, install or remove plugins, or change settings, and the site's visitors can be redirected to malicious websites, served malicious ads, or have sensitive data stolen.

To mitigate this risk, update LiteSpeed Cache to the latest version, or replace it with a caching plugin that is not affected. Updating closes the hole but does not undo an existing compromise, so a site that ran a vulnerable version while the campaign was active should also be checked for rogue administrator accounts and for the database indicator described below. It is also important to check regularly for updates and patches to every plugin and theme on the site so that all of them stay current and secure.

The exploitation campaign was documented by WPScan, a security project that maintains a database of WordPress vulnerabilities. WPScan researchers observed several hacking groups scanning the internet for sites running LiteSpeed Cache versions older than 5.7.0.1, the release that fixed the flaw; the current release at the time of writing (6.2.0.1) is not affected.

In April 2024, a single threat actor reportedly sent more than one million probe requests on its own. LiteSpeed Cache has more than five million active installations, and roughly 1,835,000 of them (close to two million) were still running a vulnerable version.

LiteSpeed Cache advertises faster page load times, an improved user experience, and better search engine rankings. Anyone running the plugin, not only sites that suspect they are being targeted, should upgrade to the latest version as soon as possible. Site owners should also remove unused plugins and themes and look for suspicious files or folders in the installation.

Sites that may have been targeted should search the WordPress database for the indicator string: look for “eval(atob(String.fromCharCode” in the value of the “litespeed.admin_display.messages” option. Search for it as a substring; the fragment is intentionally unterminated, because in a real payload it is followed by the encoded character codes. According to BleepingComputer, this check helps identify a compromise so that appropriate measures can be taken to protect the system.
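The two checks described in this article, comparing the installed plugin version against the fixed release 5.7.0.1 and searching the stored option for the indicator string, as an added Python example that is not part of the article or of the LiteSpeed Cache project. It runs offline on constructed data: a hypothetical plugin header and a PHP-serialised option value built in the shape of the reported payload, with a harmless inner script standing in for the attacker's code. On a real site you would feed it the Version line from the plugin's main file and the value of litespeed.admin_display.messages exported from wp_options. The decoder reverses the String.fromCharCode and atob layering so you can see what a stored payload actually does.

```python
"""Triage helper for the CVE-2023-40000 LiteSpeed Cache campaign (example code).

1. Is the installed plugin version older than the fixed release 5.7.0.1?
2. Does the litespeed.admin_display.messages option carry the
   eval(atob(String.fromCharCode indicator, and what does it decode to?
"""
from __future__ import annotations

import base64
import re

FIXED_VERSION = "5.7.0.1"             # first release without the flaw
IOC = "eval(atob(String.fromCharCode"  # WPScan indicator; unterminated on purpose, it is a substring
OPTION_NAME = "litespeed.admin_display.messages"

# WordPress plugin header line, e.g. " * Version: 6.2.0.1"
VERSION_HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)
# Captures the comma-separated character codes inside String.fromCharCode(...)
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")


def parse_version(v: str) -> tuple[int, ...]:
    """'5.7' -> (5, 7, 0, 0): pad to four parts so 5.7 sorts below 5.7.0.1."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable_version(v: str) -> bool:
    return parse_version(v) < parse_version(FIXED_VERSION)


def plugin_version_from_header(header_text: str) -> str | None:
    """Pull the Version: field out of a plugin's main-file header comment."""
    m = VERSION_HEADER_RE.search(header_text)
    return m.group(1) if m else None


def option_has_indicator(option_value: str) -> bool:
    return IOC in option_value


def decode_fromcharcode(option_value: str) -> list[str]:
    """Reverse String.fromCharCode(...) -> base64 -> atob() to expose the hidden JS."""
    out = []
    for m in FROMCHARCODE_RE.finditer(option_value):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        text = "".join(chr(c) for c in codes)
        try:
            out.append(base64.b64decode(text, validate=True).decode("utf-8", "replace"))
        except ValueError:
            out.append(text)  # not valid base64: report the raw decoded characters
    return out


def scan_options(options: dict[str, str]) -> list[dict]:
    """options maps option_name -> option_value, as dumped from wp_options."""
    findings = []
    for name, value in options.items():
        if option_has_indicator(value):
            findings.append({"option": name, "payloads": decode_fromcharcode(value)})
    return findings


def build_sample_option() -> str:
    """Constructed sample in the shape of the reported payload: a PHP-serialised
    array holding a <script> tag. The inner JavaScript is harmless and is NOT
    the real attacker code."""
    inner_js = 'console.log("constructed sample, not real malware")'
    b64 = base64.b64encode(inner_js.encode()).decode()
    codes = ",".join(str(ord(ch)) for ch in b64)
    script = f"<script>eval(atob(String.fromCharCode({codes})))</script>"
    return f'a:1:{{i:0;s:{len(script)}:"{script}";}}'


# Constructed header; on a real site read the plugin's main PHP file instead.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 5.7
 */
"""

if __name__ == "__main__":
    ver = plugin_version_from_header(SAMPLE_HEADER)
    status = "unknown" if ver is None else ("VULNERABLE" if is_vulnerable_version(ver) else "patched")
    print(f"plugin version {ver}: {status}")
    options = {
        "siteurl": "https://example.invalid",  # constructed, clean
        OPTION_NAME: build_sample_option(),    # constructed, tainted
    }
    for f in scan_options(options):
        print(f"indicator in option {f['option']!r}; decoded payload(s): {f['payloads']}")
```

A miss is not proof of a clean site: the indicator matches one reported payload shape, and an attacker can re-encode the same script differently, so also review wp_users for administrator accounts you did not create and treat any unexplained entry in the messages option as suspicious.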
