26 matches found
CVE-2025-12014
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-12014
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
EUVD-2025-35811
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-12014
CVE-2025-12014 affects the NGINX Cache Optimizer WordPress plugin (versions up to 1.1). Root cause: missing capability check on AJAX action nginxcacheoptimizer-blacklist-update, allowing authenticated Subscriber+ users to modify the Exclude URLs From Dynamic Caching list. Impact per sources: unau...
PT-2025-43597
Name of the Vulnerable Software and Affected Versions NGINX Cache Optimizer plugin for WordPress versions up to and including 1.1 Description The NGINX Cache Optimizer plugin for WordPress is susceptible to unauthorized data modification. A missing capability check on the...
WordPress NGINX Cache Optimizer plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update vulnerability
Missing Authorization to Authenticated Subscriber+ Dynamic Caching Exclusion Update vulnerability discovered by Legion Hunter in WordPress Plugin NGINX Cache Optimizer versions = 1.1...
EUVD-2025-22300
Malicious code in bioql PyPI...
EUVD-2024-53034
Malicious code in bioql PyPI...
WordPress Nginx Cache Purge Preload plugin code injection vulnerability
WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient cleanup of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...
CVE-2025-6213
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
CVE-2025-6213
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
CVE-2025-6213
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
CVE-2025-6213 Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...
WordPress plugin Nginx Cache Purge Preload 代码注入漏洞
WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient cleanup of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...
PT-2025-30387 · WordPress · Nginx Cache Purge Preload
Name of the Vulnerable Software and Affected Versions: Nginx Cache Purge Preload plugin for WordPress versions through 2.1.1 Description: The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution via the nppp preload cache on update function. This is due to...
WordPress Nginx Cache Purge Preload plugin <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution vulnerability
Authenticated Administrator+ Remote Code Execution vulnerability discovered by cynau1t TianGong in WordPress Plugin Nginx Cache Purge Preload versions = 2.1.1...
CVE-2024-56236
Missing Authorization vulnerability in Juniper Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through = 2.4.0...
CVE-2024-56236
Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through = 2.4.0...