66 matches found
CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
CVE-2025-6213
The CVE concerns the WordPress plugin “Nginx Cache Purge Preload” (NPP) for Nginx caching. Affected: all versions up to and including 2.1.1. Root cause: insufficient sanitization of the HTTP_REFERERER parameter in nppp_preload_cache_on_update, passed from nppp_handle_fastcgi_cache_actions_admin_b...
CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
PT-2025-30387 · WordPress · Nginx Cache Purge Preload
Name of the Vulnerable Software and Affected Versions: Nginx Cache Purge Preload plugin for WordPress versions through 2.1.1 Description: The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution via the nppp preload cache on update function. This is due to...
WordPress Nginx Cache Purge Preload plugin <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution vulnerability
Authenticated Administrator+ Remote Code Execution vulnerability discovered by cynau1t TianGong in WordPress Plugin Nginx Cache Purge Preload versions = 2.1.1...
CVE-2024-5810
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...
CVE-2023-1920
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpurgecachevarnishcallback function. This makes it possible for unauthenticated attackers to purge the...
CVE-2025-22332
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...
CVE-2025-22332
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...
CVE-2025-22332 WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...
CVE-2025-22332 WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bryan Shanaver @ fiftyandfifty.org CloudFlareR Cache Purge allows Reflected XSS. This issue affects CloudFlareR Cache Purge: from n/a through 1.2...
CVE-2025-22332
CVE-2025-22332 is a reflected XSS in the WordPress CloudFlare(R) Cache Purge plugin (versions up to 1.2) caused by improper neutralization of input during web page generation. Public references list CloudFlare(R) Cache Purge
WordPress plugin CloudFlare(R) Cache Purge 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-4447 · Cloudflare · Cloudflare Cache Purge
Name of the Vulnerable Software and Affected Versions: CloudFlareR Cache Purge versions n/a through 1.2 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacke...
WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin CloudFlareR Cache Purge versions = 1.2...
CVE-2024-5810 WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...
SUSE CVE-2023-38497
Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
AZL-28510 CVE-2023-38497 affecting package rust for versions less than 1.72.0-2
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
DEBIAN-CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...