News

    WordPress sites under attack!

    Hackers exploit Litespeed Cache plugin to hijack websites, millions of websites at risk as critical vulnerability allows attackers to gain full control
    Cenk Tarhan
    WordPress sites under attack!

    A critical security flaw in the popular WordPress plugin, LiteSpeed Cache, is being actively exploited by hackers to take complete control of vulnerable websites. This alarming discovery, reported by WPScan, reveals that attackers are using the vulnerability (CVE-2023-40000) to create rogue admin accounts, granting them unrestricted access and the ability to manipulate websites at will.

    The vulnerability, a stored cross-site scripting (XSS) flaw, was disclosed in February 2024 and patched in October 2023. However, with over 5 million active installations of LiteSpeed Cache, a significant number of websites remain at risk as they haven’t updated to the latest secure version.

    Consequences of the Litespeed Cache Hack

    Gaining admin access allows attackers to wreak havoc on compromised websites. They can inject malware, install malicious plugins, steal sensitive data, redirect visitors to phishing sites, and deface websites, among other harmful actions.

    WordPress shared its security report!

    How to protect your WordPress site

    Update LiteSpeed Cache immediately: Ensure you are using version 5.7.0.1 or later.

    Review all plugins: Check for updates and remove any suspicious or unused plugins.

    Scan for malware: Regularly scan your website for malware and backdoors.

    Strengthen passwords: Use strong and unique passwords for all admin accounts.

    Enable automatic updates: Keep your WordPress core, plugins, and themes updated automatically to benefit from the latest security patches.

    No comments yet Write the First Comment
    ×

    Your comment has been submitted,
    it will be published after approval.

    Write a Comment