Skip to main content

Nitropack

2 CVEs product

Monthly

CVE-2026-39669 MEDIUM This Month

NitroPack WordPress plugin through version 1.19.3 allows remote unauthenticated attackers to modify plugin settings via incorrectly configured access control checks, enabling unauthorized changes to website optimization and caching configurations. The vulnerability requires only network access and no user interaction, affecting default installations. Despite the CVSS 5.3 score indicating integrity impact, real-world exploitation risk is extremely low (EPSS 0.02%, 4th percentile), suggesting limited practical exploitability or narrow attack scope in production environments.

Authentication Bypass Nitropack
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-43922 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Nitropack
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM This Month

NitroPack WordPress plugin through version 1.19.3 allows remote unauthenticated attackers to modify plugin settings via incorrectly configured access control checks, enabling unauthorized changes to website optimization and caching configurations. The vulnerability requires only network access and no user interaction, affecting default installations. Despite the CVSS 5.3 score indicating integrity impact, real-world exploitation risk is extremely low (EPSS 0.02%, 4th percentile), suggesting limited practical exploitability or narrow attack scope in production environments.

Authentication Bypass Nitropack
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Nitropack
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy