
Hackers are exploiting critical bug in LiteSpeed Cache plugin

ID: 6d87866b-a45f-5762-90f6-b384b3f6aca4

STIX ID: report--6d87866b-a45f-5762-90f6-b384b3f6aca4

Feed Name: Bleeping Computer

Threat Score: 90/100

Date Published: 2024-08-22

Date Updated: 2026-04-20

Author: Bill Toulas


The LiteSpeed Cache WordPress plugin has a critical unauthenticated privilege escalation vulnerability (CVE-2024-28000) that can be exploited by brute-forcing a weak hash to create admin accounts and fully take over sites. The flaw affects millions of installations, is being actively exploited (Wordfence reported ~48,500 blocked attacks in 24 hours), and site owners are urged to update to version 6.4.1 or uninstall the plugin immediately.
