WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
27 February 2024
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges.
Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1.
"This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user