Security researchers have found yet another critical vulnerability in the LiteSpeed Cache plugin for WordPress that allows threat actors to take over websites.
Four months after patching an unauthenticated cross-site scripting flaw, the popular optimization plugin was found vulnerable to a bug described as an “unauthenticated account takeover vulnerability”. In other words, an unauthenticated malicious visitor could abuse the hole to gain access to any logged-in user, including admin accounts. That, as you may presume, grants the attacker full access to the website to do with it as they please.