CVE-2026-25347

The connected PATCHSTACK entry identifies a Cross Site Scripting (XSS) vulnerability in the WordPress plugin WP REST Cache (versions ≤ 2026.1.0). The flaw is documented as discovered by Nguyen Ba Khanh . The provided material does not specify the exact root cause, affected components beyond the p...

PT-2026-27909

Name of the Vulnerable Software and Affected Versions Acato WP REST Cache versions through 2026.1.0 Description The software contains a flaw due to improper handling of user-supplied data during the creation of web pages, leading to a potential 'cross-site scripting' issue. This allows for the...

CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through = 2025.1.0...

CVE-2025-52716 WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0...

CVE-2025-52716

CVE-2025-52716 concerns the WordPress plugin WP REST Cache prior to or up to version 2025.1.0. The vulnerability is an improper control of filenames for include/require statements, enabling local file inclusion (LFI) via the PHP runtime. Affected products are WP REST Cache (WordPress plugin); no ...