The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts.
LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October.
Cross-Site Scripting (XSS) Vulnerability
Wordfence discovered a Cross-Site Scripting (XSS) vulnerability in the LiteSpeed plugin, the most popular WordPress caching plugin in the world.