Lucene search
K

66 matches found

Vulnrichment
Vulnrichment
added 2025/07/22 9:22 a.m.9 views

CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...

7.2CVSS7.9AI score0.00683EPSS
Exploits0References4
CVE
CVE
added 2025/07/22 9:22 a.m.47 views

CVE-2025-6213

The CVE concerns the WordPress plugin “Nginx Cache Purge Preload” (NPP) for Nginx caching. Affected: all versions up to and including 2.1.1. Root cause: insufficient sanitization of the HTTP_REFERERER parameter in nppp_preload_cache_on_update, passed from nppp_handle_fastcgi_cache_actions_admin_b...

7.2CVSS7.3AI score0.00683EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/22 9:22 a.m.19 views

CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...

7.2CVSS0.00683EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.8 views

PT-2025-30387 · WordPress · Nginx Cache Purge Preload

Name of the Vulnerable Software and Affected Versions: Nginx Cache Purge Preload plugin for WordPress versions through 2.1.1 Description: The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution via the nppp preload cache on update function. This is due to...

7.2CVSS7.3AI score0.00683EPSS
Exploits0References11
Patchstack
Patchstack
added 2025/07/21 10:19 p.m.15 views

WordPress Nginx Cache Purge Preload plugin <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by cynau1t TianGong in WordPress Plugin Nginx Cache Purge Preload versions = 2.1.1...

7.2CVSS7.2AI score0.00683EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:28 a.m.7 views

CVE-2024-5810

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

5.3CVSS6.9AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.5 views

CVE-2023-1920

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpurgecachevarnishcallback function. This makes it possible for unauthenticated attackers to purge the...

4.3CVSS5.2AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:26 a.m.5 views

CVE-2025-22332

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...

7.1CVSS7.2AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 9:15 a.m.7 views

CVE-2025-22332

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...

7.1CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/31 8:23 a.m.20 views

CVE-2025-22332 WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shanaver CloudFlareR Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlareR Cache Purge: from n/a through = 1.2...

7.1CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 8:23 a.m.11 views

CVE-2025-22332 WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bryan Shanaver @ fiftyandfifty.org CloudFlareR Cache Purge allows Reflected XSS. This issue affects CloudFlareR Cache Purge: from n/a through 1.2...

7.1CVSS7AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 8:23 a.m.47 views

CVE-2025-22332

CVE-2025-22332 is a reflected XSS in the WordPress CloudFlare(R) Cache Purge plugin (versions up to 1.2) caused by improper neutralization of input during web page generation. Public references list CloudFlare(R) Cache Purge

7.1CVSS7.2AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.5 views

WordPress plugin CloudFlare(R) Cache Purge 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS7.7AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.6 views

PT-2025-4447 · Cloudflare · Cloudflare Cache Purge

Name of the Vulnerable Software and Affected Versions: CloudFlareR Cache Purge versions n/a through 1.2 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacke...

7.1CVSS9.1AI score0.00271EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/03 4:0 p.m.5 views

WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin CloudFlareR Cache Purge versions = 1.2...

7.1CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/09 8:33 a.m.16 views

CVE-2024-5810 WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

5.3CVSS6.9AI score0.00444EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/06/04 12:30 p.m.6 views

SUSE CVE-2023-38497

Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

6.7CVSS6.8AI score0.00763EPSS
Exploits0References6
Imperva Blog
Imperva Blog
added 2023/12/27 11:0 a.m.33 views

How Cache Purge Helps Keep Your Website Content Fresh and Responsive

Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...

6.8AI score
Exploits0
OSV
OSV
added 2023/08/04 4:15 p.m.8 views

AZL-28510 CVE-2023-38497 affecting package rust for versions less than 1.72.0-2

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.3CVSS7AI score0.00763EPSS
Exploits0References1
OSV
OSV
added 2023/08/04 4:15 p.m.2 views

DEBIAN-CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.3CVSS7AI score0.00763EPSS
Exploits0References1
Rows per page
Query Builder