LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites

Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress site today!

WordPress websites have been under attack lately, with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin, claim Automattic’s security team, WPScan.

As of 2024, there are over 1.89 billion websites on the internet, with around 835 million relying on WordPress as their Content Management System (CMS), constituting approximately 43.3% of the total number of websites worldwide. This makes the CMS a lucrative target for cyber criminals.

According to WPSCan’s blog post, threat actors are exploiting a stored cross-site scripting (XSS) vulnerability in the plugin that allows an unauthenticated user to elevate privileges through specially crafted HTTP requests. LiteSpeed Cache plugin versions older ...