Vulnerabilities and security researches fornginx-cache-optimizer nginx-cache-optimizer

Nov 11, 2025

CVE, Research URL: CVE-2025-12014
Home page URL: Security reports for NGINX Cache Optimizer
Application: NGINX Cache Optimizer
Date: Oct 24, 2025
Research Description: The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add URLs to the Exclude URLs From Dynamic Caching setting.
Affected versions: max 1.1.
Status: vulnerable