5 matches found
CVE-2026-15350
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-15350 The Cache Purger <= 2.3.20 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Log Deletion via 'the_log_purge' Parameter
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
EUVD-2026-44884
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-15350
CVE-2026-15350 affects the WordPress plugin The Cache Purger (up to version 2.3.20). The vulnerability is an authorization bypass that allows authenticated users with subscriber-level access or higher to permanently truncate the plugin’s cache-purge audit log (wp-content/purge.log), destroying th...
Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet
An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known...