What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through <= 5.4.1.
Explanation of Vulnerability in Simple Terms
02Summary
Cache control by Cacholong versions 5.4.1 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted cache management actions without the administrator's knowledge or consent. The vulnerability requires the victim to visit the attacker's page while authenticated to the site.
What an attacker can do
03Attacker Capabilities
Perform cache management actions on behalf of an authenticated administrator without their consent.
Potential impact on your site
04Site Impact
An attacker can manipulate your site's cache settings or clear cache without authorization if an admin visits a malicious link.
Conditions required to exploit
05Prerequisites
The site administrator must be logged in and visit a page controlled by the attacker.
Key dates
06Disclosure timeline
April 1, 2025
CVE published
May 12, 2026
Record updated