WPScan disclosed an active exploit of LiteSpeed Cache’s high-severity flaw (CVE-2023-40000), enabling rogue admin account creation on WordPress sites. Despite a patch released in version 5.7.0.1, many sites remain vulnerable, with over 5 million installations at risk. The exploit permits injection of malicious JavaScript, posing serious security risks. Users are urged to update, audit plugins, and remove suspicious files promptly. This revelation coincides with Sucuri’s report on a redirect scam, emphasizing ongoing WordPress security challenges.