A vulnerability in the popular LiteSpeed Cache plugin for WordPress could allow attackers to retrieve user cookies and potentially take over websites. The debug log file is publicly accessible, which means an unauthenticated attacker could access the information exposed in the file and extract any user cookies stored in it. This would allow attackers to log in to the affected websites as any user for which the session cookie has been leaked, including as administrators, which could lead to site takeover. The vulnerability was resolved on September 4 with the release of LiteSpeed Cache version 6.5.0.1, but millions of websites might still be affected.

Read more: https://www.securityweek.com/litespeed-cache-plugin-vulnerability-exposes-millions-of-wordpress-sites-to-attacks/