Si vous utilisez ce plugin, il est urgent de mettre à jour
> Critical Vulnerability in LiteSpeed Cache Plugin for WordPress
> (August 21 & 22, 2024)
>
> A critical unauthenticated privilege elevation vulnerability in the LiteSpeed Cache plugin for WordPress could be exploited to gain admin privileges on unpatched websites. The issue has been fixed in LiteSpeed Cache version 6.4, which was released on August 13. The plugin has more than five million active installations.
>
> Editor's Note
> [Neely]
> CVE-2024-28000, CVSS score of 9.8, allows an unauthenticated user to spoof the username and get admin access. This is due to a user simulation module which had easily guessable non-salted hash. This doesn't impact Windows based WordPress installations as the function relied on a PHP method not implemented in Windows. Make sure you're on LiteSpeed 6.4 or higher. Also make sure that you don't already have a cache service from your provider which could negate the need for this plugin. Wordfence has rules to block this attack and reports blocking nearly 59,000 attacks in the last 24 hours.
https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-millions-of-wordpress-sites-to-takeover-attacks/