CVE-2025-62126
Lifecycle Timeline
2Description
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.
Analysis
Information disclosure in Razvan Stanga's Varnish/Nginx Proxy Caching WordPress plugin through version 1.8.3 allows sensitive data embedded in cached responses to be exposed to unauthorized users. The vulnerability stems from improper handling of sensitive information during proxy caching operations, enabling attackers to retrieve cached data containing credentials, tokens, or other confidential material. No authentication is required to exploit this issue, and EPSS analysis indicates a 4.43% probability of exploitation (89th percentile), suggesting moderate real-world risk despite the lack of known public exploits.
Technical Context
The vulnerability is rooted in CWE-201 (Insertion of Sensitive Information Into Sent Data), which occurs when applications transmit sensitive information in responses that can be cached by intermediate proxies. In this case, the Varnish/Nginx Proxy Caching plugin for WordPress fails to properly sanitize or exclude sensitive data from responses before they are cached. The plugin is designed to improve performance by caching dynamic WordPress content through Varnish and Nginx reverse proxies. When sensitive information (such as session tokens, API keys, or personally identifiable information) is inadvertently included in cacheable responses without proper cache-control headers or content filtering, it becomes retrievable from the cache by any attacker who can access the cache layer or proxy server. This is particularly dangerous in shared hosting or CDN environments where multiple users or applications may share infrastructure.
Affected Products
The vulnerability affects the Varnish/Nginx Proxy Caching plugin (vcaching) for WordPress, authored by Razvan Stanga, in all versions from initial release through version 1.8.3. The plugin is available on the WordPress plugin repository and is identified by the slug 'vcaching'. Users running any version at or below 1.8.3 are affected. The plugin integrates with Varnish and Nginx reverse proxies to cache WordPress content, so vulnerability exposure depends on both plugin installation and active use of proxy caching infrastructure.
Remediation
Update the Varnish/Nginx Proxy Caching plugin to version 1.8.4 or later as soon as possible. Users should navigate to their WordPress admin dashboard, go to Plugins > Installed Plugins, locate 'Varnish/Nginx Proxy Caching', and click 'Update Now'. For detailed patch information and advisory details, refer to the Patchstack database entry at https://patchstack.com/database/Wordpress/Plugin/vcaching/vulnerability/wordpress-varnish-nginx-proxy-caching-plugin-1-8-3-sensitive-data-exposure-vulnerability. In the interim, administrators should review cache configuration to ensure Cache-Control headers (no-store, private) are set appropriately for responses containing sensitive data, and verify that sensitive information is stripped from cached content at the application level. Consider temporarily disabling the plugin if sensitive data exposure cannot be mitigated through configuration.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today