cleantalk
Vulnerabilities and Security Researches

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer, CVE-2024-13338

CVE, Research URL

CVE-2024-13338

Home page URL

Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Application

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Published on
Apr 12, 2025
Research Description
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.3.2.
Status
vulnerable
Previous vulnerability researches
WDesignkit (CVE-2024-53811) , Dec 08, 2024
WDesignkit (CVE-2024-12189) , Apr 03, 2025
New vulnerability
Wireless Butler (CVE-2025-26997) , Apr 15, 2025
WooCommerce Loyal Customers (CVE-2025-32544) , Apr 15, 2025
WP Delete User Accounts (CVE-2025-26906) , Apr 15, 2025
Coming Soon, Maintenance Mode & Under Construction Page Builder by Site Mode (CVE-2025-26894) , Apr 15, 2025
Real Testimonials (CVE-2025-22269) , Apr 15, 2025