CVE-2025-11725
Awaiting Analysis
Awaiting Analysis - Queue
Unauthorized Data Modification in Aruba HiSpeed Cache Plugin
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Description
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aruba | hispd_cache | to 3.0.2 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Aruba HiSpeed Cache plugin for WordPress has a vulnerability due to missing capability checks in multiple functions in all versions up to and including 3.0.2. This flaw allows unauthenticated attackers to modify the plugin's configuration settings.
- Attackers can enable or disable features within the plugin.
- They can also enable or disable WordPress cron jobs or debug mode.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to change important plugin settings, potentially disrupting website functionality.
- Modification of configuration settings could lead to unexpected behavior or performance issues.
- Enabling or disabling WordPress cron jobs might affect scheduled tasks, impacting site operations.
- Enabling debug mode could expose sensitive information or increase resource usage.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70