WordPress Plugin Vulnerabilities

Aruba HiSpeed Cache < 2.0.13 - Missing Authorization

Description

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ahsc_tool_bar_purge() function in versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to purge cache.

Affects Plugins

Plugin icon
aruba-hispeed-cache
Fixed in 2.0.13

References

CVE
CVE-2024-43119
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4ae41106-c61f-45de-88d8-6dfa2347495c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
a5be2365-f141-4e7d-8332-3a34c219fa55

Timeline

Publicly Published
2024-08-07 (about 1 year ago)
Added
2024-08-14 (about 1 year ago)
Last Updated
2024-08-14 (about 1 year ago)

Other

Published
Title
Published
2025-09-25
Title
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution < 4.8.4 - Insufficient Authorization to Authenticated (Editor+) Settings Update
Published
2026-01-27
Title
Simple calendar for Elementor < 1.6.7 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion
Published
2024-07-11
Title
Image Optimizer, Resizer and CDN – Sirv < 7.2.8 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update
Published
2024-09-30
Title
Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import
Published
2023-12-27
Title
BulkGate SMS Plugin for WooCommerce < 3.0.3 - Missing Authorization via Multiple AJAX Actions