
The flaw is described as an unauthenticated cross-site scripting vulnerability, and tracked as CVE-2023-40000.

It carries a severity score of 8.8.

Victims can be redirected to malicious websites, served malicious advertising, or have their sensitive user data taken.

Its researchers observed increased activity from different hacking groups, as they scan the internet for compromised WordPress sites.

These are all running LiteSpeed Cache version 5.7.0.1 or older.

The current version is 6.2.0.1 and is considered immune to this flaw.

One threat actor made more than a million probing requests in April 2024 alone, it was said.

“Specifically in the option litespeed.admin_display.messages.”

Via BleepingComputer
