Nitropack
Monthly
NitroPack WordPress plugin through version 1.19.3 allows remote unauthenticated attackers to modify plugin settings via incorrectly configured access control checks, enabling unauthorized changes to website optimization and caching configurations. The vulnerability requires only network access and no user interaction, affecting default installations. Despite the CVSS 5.3 score indicating integrity impact, real-world exploitation risk is extremely low (EPSS 0.02%, 4th percentile), suggesting limited practical exploitability or narrow attack scope in production environments.
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NitroPack WordPress plugin through version 1.19.3 allows remote unauthenticated attackers to modify plugin settings via incorrectly configured access control checks, enabling unauthorized changes to website optimization and caching configurations. The vulnerability requires only network access and no user interaction, affecting default installations. Despite the CVSS 5.3 score indicating integrity impact, real-world exploitation risk is extremely low (EPSS 0.02%, 4th percentile), suggesting limited practical exploitability or narrow attack scope in production environments.
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.