WordPress Nginx Cache Purge Preload plugin code injection vulnerability

WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient cleanup of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...

CVE-2025-6213

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...