Security researchers have found another critical vulnerability in the LiteSpeed Cache plugin for WordPress that could allow malicious actors to take over websites.
Four months after patching an unauthenticated cross-site scripting flaw, the popular optimization plugin was found to be vulnerable to a bug described as an “unauthenticated account takeover vulnerability.” In other words, an unauthenticated malicious visitor could exploit the flaw to gain access to any logged-in user, including administrator accounts. That, you might assume, gives the attacker full access to the website to do whatever they want.