cleantalk
Vulnerabilities and Security Researches

LWSCache, CVE-2025-8147

CVE, Research URL

CVE-2025-8147

Home page URL

Security reports for LWSCache

Application

LWSCache

Published on
Aug 29, 2025
Research Description
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
Affected versions
Min -, max 2.9.
Status
vulnerable
Previous vulnerability researches
Ultimate twitter profile widget (CVE-2025-48321) , Aug 27, 2025
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025