9 matches found
CVE-2025-13377
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
CVE-2025-12014
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
WordPress plugin NGINX Cache Optimizer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-12014
CVE-2025-12014 affects the NGINX Cache Optimizer WordPress plugin (versions up to 1.1). Root cause: missing capability check on AJAX action nginxcacheoptimizer-blacklist-update, allowing authenticated Subscriber+ users to modify the Exclude URLs From Dynamic Caching list. Impact per sources: unau...
CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
EUVD-2025-35811
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
PT-2025-43597
Name of the Vulnerable Software and Affected Versions NGINX Cache Optimizer plugin for WordPress versions up to and including 1.1 Description The NGINX Cache Optimizer plugin for WordPress is susceptible to unauthorized data modification. A missing capability check on the...
WordPress NGINX Cache Optimizer plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update vulnerability
Missing Authorization to Authenticated Subscriber+ Dynamic Caching Exclusion Update vulnerability discovered by Legion Hunter in WordPress Plugin NGINX Cache Optimizer versions = 1.1...