CVE-2026-54834
Deferred Deferred - Pending Action

Unauthenticated Sensitive Data Exposure in Object Cache for Everyone

Vulnerability report for CVE-2026-54834, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack object_cache_4_everyone to 2.3.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in Object Cache 4 everyone Plugin versions 2.3.2 and below allows unauthenticated attackers to access sensitive data. This means that attackers do not need to log in or have any privileges to exploit this flaw and retrieve confidential information from affected systems.

This exposure of sensitive data can be used by attackers to further compromise other parts of the system.

Impact Analysis

This vulnerability poses a high risk as it allows attackers to access confidential information without authentication. Such exposure can lead to further exploitation of system weaknesses, potentially resulting in data breaches or unauthorized access to other system components.

Because of its high severity score (7.5), it is likely to be targeted in mass campaigns affecting many websites using the vulnerable plugin.

Immediate action is recommended to update the plugin to version 2.3.3 or later to mitigate this risk.

Compliance Impact

The vulnerability in Object Cache 4 everyone Plugin versions 2.3.2 and below allows unauthenticated attackers to access sensitive data, which could lead to exposure of confidential information.

Such unauthorized sensitive data exposure can result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

Organizations using affected versions of the plugin risk violating these regulations due to potential data breaches, leading to legal and financial consequences.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WordPress Object Cache 4 everyone Plugin to version 2.3.3 or later.

If updating is not possible, users should seek assistance from their hosting provider or web developer.

Note that no virtual patch can mitigate this issue due to its specific nature.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart