CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode
Explanation of Vulnerability in Simple Terms
Aruba HiSpeed Cache versions 3.0.2 and earlier lack proper authorization checks, allowing unauthenticated attackers to read and modify sensitive data. The vulnerability requires no user interaction and is exploitable over the network. An attacker can access or alter information without needing valid credentials or special system access.
What an attacker can do
Read and modify sensitive data without authentication.
Potential impact on your site
Unauthorized users can view and alter cached data and configuration without logging in.
Conditions required to exploit
Network access to the affected Aruba HiSpeed Cache instance; no authentication required.
Key dates
External resources
Related vulnerabilities
