Hackers exploit LiteSpeed Cache flaw to create WordPress admins
ID: d4e5d5a0-a5e3-5ee0-ace8-78d1581983e4
STIX ID: report--d4e5d5a0-a5e3-5ee0-ace8-78d1581983e4
Feed Name: Bleeping Computer
Hackers are actively exploiting outdated versions of two WordPress plugins, LiteSpeed Cache (CVE-2023-40000) and Email Subscribers (CVE-2024-2876), to inject malicious JavaScript or perform SQL injection that creates rogue administrator accounts and enables full site takeover. The campaigns include mass scanning (over 1.2M probes from a single IP) and leave identifiable indicators such as admin accounts named 'wpsupp-user' or 'wp-configuser' and the injected DB string 'eval(atob(Strings.fromCharCode'. Site owners are advised to update or remove vulnerable plugins, monitor for new admin accounts, reset credentials, and perform full site cleanups from trusted backups if compromised.
