More than 1.8 million WordPress sites using an old version of the LiteSpeed Cache plugin are at risk of takeovers amid attacks exploiting a high-severity unauthenticated cross-site scripting vulnerability, tracked as CVE-2023-40000, which have been increasing during the past month, according to BleepingComputer.