CVE-2026-39669 WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions = 1.17.0...

EUVD-2024-34380

Malicious code in bioql PyPI...

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2025-37019

Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...

CVE-2024-11851

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

CVE-2024-11848

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2024-11848

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2024-11851

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress NitroPack Plugin <= 1.16.7 is vulnerable to Broken Access Control

Software NitroPack Type Plugin Vulnerable versions = 1.16.7 Fixed in 1.16.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43922 Patch priority Low CVSS severity Low 4.8 Developer Claim ownership PSID 68fa122dccba Credits Rafie Muhammad Patchstack Require...

CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...