EUVD-2026-21250CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionNVD
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the ahsc_ajax_reset_options() function. This makes it possible for unauthenticated attackers to reset all plugin settings to their default values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AnalysisAI
Cross-site request forgery in Aruba HiSpeed Cache WordPress plugin up to version 3.0.4 allows unauthenticated attackers to reset all plugin settings to defaults by tricking site administrators into clicking a malicious link, due to missing nonce verification on the ahsc_ajax_reset_options() function. The CVSS score of 4.3 reflects the low-impact integrity violation requiring user interaction, with no known public exploit code or confirmed active exploitation.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t
Authentication bypass in the Login with OTP plugin for WordPress (all versions up to and including 1.6) lets unauthentic
Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and incl
Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and
Remote code execution in the WPCode WordPress plugin (versions through 2.3.5) lets authenticated author-level users run
Share
External POC / Exploit Code
Leaving vuln.today