A vulnerability in the LiteSpeed Cache plugin for WordPress, which has over 6 million active installations, has been discovered allowing unauthenticated visitors to gain administrator-level access by exploiting a security flaw in the plugin’s role simulation feature. This flaw permitted unauthorized access that could lead to the installation of malicious plugins.
Source: Infosecurity