CVE-2025-12014

The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

CVE-2025-12014

CVE-2025-12014 affects the NGINX Cache Optimizer WordPress plugin (versions up to 1.1). Root cause: missing capability check on AJAX action nginxcacheoptimizer-blacklist-update, allowing authenticated Subscriber+ users to modify the Exclude URLs From Dynamic Caching list. Impact per sources: unau...

CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update

The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

EUVD-2025-35811

The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

PT-2025-43597

Name of the Vulnerable Software and Affected Versions NGINX Cache Optimizer plugin for WordPress versions up to and including 1.1 Description The NGINX Cache Optimizer plugin for WordPress is susceptible to unauthorized data modification. A missing capability check on the...

WordPress NGINX Cache Optimizer plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update vulnerability

Missing Authorization to Authenticated Subscriber+ Dynamic Caching Exclusion Update vulnerability discovered by Legion Hunter in WordPress Plugin NGINX Cache Optimizer versions = 1.1...