Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

ID: 0030468d-62db-53db-85f9-a6f92f07e463

STIX ID: report--0030468d-62db-53db-85f9-a6f92f07e463

Feed Name: The Hacker News

Threat Score: 75/100

Date Published: 2024-05-08

Date Updated: 2026-05-05

Author: The Hacker News


A high-severity stored XSS vulnerability (CVE-2023-40000, CVSS 8.3) in the LiteSpeed Cache WordPress plugin is being actively exploited to create rogue admin accounts (e.g., wpsupp-user, wp-configuser) and to inject JavaScript hosted on domains such as dns.startservicefounds.com and api.startservicefounds.com. The flaw was patched in version 5.7.0.1, but many sites remain on vulnerable versions.

Separately, the Mal.Metrica redirect scam abuses injected scripts and fake CAPTCHA prompts to redirect visitors to scam or malicious sites, with approximately 17,449 sites noted as compromised. Recommended mitigations include applying updates, auditing plugins and files, and removing suspicious content.
