Vulnerabilities and security researches foraruba-hispeed-cache aruba-hispeed-cache

Feb 27, 2026

CVE, Research URL: CVE-2026-23545
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.
Affected versions: max 3.0.4.
Status: vulnerable

CVE, Research URL: CVE-2026-23694
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Feb 24, 2026
Research Description: Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and ahsc_enable_purge perform authentication and capability checks but do not verify a WordPress nonce for state-changing requests. An attacker can induce a logged-in administrator to visit a malicious webpage that submits forged requests to admin-ajax.php, resulting in unauthorized resetting of plugin settings, toggling of the WordPress WP_DEBUG configuration, or modification of cache purging behavior without the administrator’s intent.
Affected versions: max 3.0.5.
Status: vulnerable

CVE, Research URL: CVE-2025-11725
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Feb 19, 2026
Research Description: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode
Affected versions: max 3.0.3.
Status: vulnerable

CVE, Research URL: CVE-2025-11706
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Feb 19, 2026
Research Description: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.0.3.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2025-67913
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Jan 08, 2026
Research Description: Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.
Affected versions: max 3.0.3.
Status: vulnerable

Aug 12, 2024

CVE, Research URL: CVE-2024-43119
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.
Affected versions: max 2.0.13.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-44983
Home page URL: Security reports for Aruba HiSpeed Cache
Application: Aruba HiSpeed Cache
Date: Dec 19, 2023
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.
Affected versions: max 2.0.7.
Status: vulnerable