WordPress sites targeted for hijacking with LiteSpeed Cache plugin flaw

More than 1.8 million WordPress sites using an old version of the LiteSpeed Cache plugin are at risk of takeovers amid attacks exploiting a high-severity unauthenticated cross-site scripting vulnerability, tracked as CVE-2023-40000, which have been increasing during the past month, according to BleepingComputer.

Attacks involved using the flaw to allow malicious JavaScript code injections in WordPress files to establish new admin accounts, which would allow content and settings modifications, plugin installation, phishing and malware attacks, and data exfiltration, a report from WPScan revealed.

Such findings follow a Wallarm report detailing the creation of admin accounts through the exploitation of a critical SQL injection flaw in the Email Subscribers WordPress plugin, which is installed in 90,000 sites.

“In the instances of observed attacks, CVE-2024-27956 has been utilized to execute unauthorized queries on databases and establish new administrator accounts on vulnerable WordPress sites (for instance, those beginning with “xtw”),” said Wallarm.