Identity, Cloud Security

WordPress sites targeted for hijacking with LiteSpeed Cache plugin flaw

WordPress app logo on the screen smartphone with notebook closeup. WordPress - open source site content management system.

More than 1.8 million WordPress sites using an old version of the LiteSpeed Cache plugin are at risk of takeovers amid attacks exploiting a high-severity unauthenticated cross-site scripting vulnerability, tracked as CVE-2023-40000, which have been increasing during the past month, according to BleepingComputer.

Attacks involved using the flaw to allow malicious JavaScript code injections in WordPress files to establish new admin accounts, which would allow content and settings modifications, plugin installation, phishing and malware attacks, and data exfiltration, a report from WPScan revealed.

Such findings follow a Wallarm report detailing the creation of admin accounts through the exploitation of a critical SQL injection flaw in the Email Subscribers WordPress plugin, which is installed in 90,000 sites.

"In the instances of observed attacks, CVE-2024-27956 has been utilized to execute unauthorized queries on databases and establish new administrator accounts on vulnerable WordPress sites (for instance, those beginning with "xtw")," said Wallarm.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.