Its CVSS score of 8.3 indicates that it's a severe vulnerability.

Hackers can pretend to be actual admins and take control of the site.

LiteSpeed has patched the vulnerability with version 5.7.0.1, but over 1.8 million users haven't upgraded the plugin yet.

Hackers Rampantly Exploit WordPress’s Outdated LiteSpeed Cache Plugin’s Vulnerability

Hackers could leverage this exploit to grant administrator privileges to their user accounts and gain control of the websites.

said WPScan in its blog post.

The security research company also shared that the malware injects code into the core WordPress files.

It discovered 1,232,810 requests from the IP address 94.102.51.144 and 70,472 from 31.43.191.220.

Both IP addresses were searching the web for existing WordPress sites with old versions of the LiteSpeed Cache plugin installed.

What's the Resolution if Your Site Is Affected?

You must use a previous site backup to purge the malware infestation.

As a precautionary measure, review the plugins installed on your WordPress website.

Ensure that all the available and pending plugin updates, including LiteSpeed Cache, are manually installed.
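
One way to carry out the plugin review described above across every site on a server, as an added example that is not part of the original article: it finds each copy of LiteSpeed Cache under a directory and flags versions older than the patched 5.7.0.1. The plugin path and the function names are assumptions made for this sketch.

```python
import os
import re
import sys

PATCHED = (5, 7, 0, 1)  # fixed release named in the article
# Assumption: the plugin's usual main file, relative to a WordPress root.
PLUGIN_FILE = os.path.join("wp-content", "plugins", "litespeed-cache",
                           "litespeed-cache.php")
# "Version:" line of a WordPress plugin header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(header_text):
    """Return the header's version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_outdated(version):
    """True if version is older than PATCHED (5.7 is compared as 5.7.0.0)."""
    padded = version + (0,) * (len(PATCHED) - len(version))
    return padded < PATCHED


def scan(root):
    """Return sorted (site_dir, version, status) for each plugin copy under root."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        path = os.path.join(dirpath, PLUGIN_FILE)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # header sits at the top
        if version is None:
            status = "unknown"  # unreadable header: review by hand
        else:
            status = "outdated" if is_outdated(version) else "ok"
        shown = ".".join(map(str, version)) if version else "?"
        findings.append((dirpath, shown, status))
    return sorted(findings)


if __name__ == "__main__":
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for site, version, status in results:
        print(f"{status:9} {version:10} {site}")
    sys.exit(1 if any(s != "ok" for _, _, s in results) else 0)
```

Run it with the web root as the only argument; a non-zero exit code means at least one install is outdated or could not be read.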

source: www.techworm.net