Search criteria
2 vulnerabilities by arubadev
CVE-2025-11706 (GCVE-0-2025-11706)
Vulnerability from cvelistv5 – Published: 2026-02-19 03:25 – Updated: 2026-02-19 17:43
VLAI?
Title
Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting
Summary
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| arubadev | Aruba HiSpeed Cache |
Affected:
* , ≤ 3.0.2
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:04:40.754401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:43:28.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba HiSpeed Cache",
"vendor": "arubadev",
"versions": [
{
"lessThanOrEqual": "3.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T03:25:12.460Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4bb4b6-9565-4a8a-aae3-ba863ef42ddb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L635"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3399636%40aruba-hispeed-cache\u0026new=3399636%40aruba-hispeed-cache\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-08T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-02-18T14:55:10.000Z",
"value": "Disclosed"
}
],
"title": "Aruba HiSpeed Cache \u003c= 3.0.2 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11706",
"datePublished": "2026-02-19T03:25:12.460Z",
"dateReserved": "2025-10-13T19:42:07.386Z",
"dateUpdated": "2026-02-19T17:43:28.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11725 (GCVE-0-2025-11725)
Vulnerability from cvelistv5 – Published: 2026-02-19 03:25 – Updated: 2026-02-19 17:43
VLAI?
Title
Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification
Summary
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| arubadev | Aruba HiSpeed Cache |
Affected:
* , ≤ 3.0.2
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:23:22.860076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:43:52.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba HiSpeed Cache",
"vendor": "arubadev",
"versions": [
{
"lessThanOrEqual": "3.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin\u0027s configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T03:25:11.535Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2830c958-13d1-4c69-8dde-7fc091db02eb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L618"
},
{
"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L590"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3399636%40aruba-hispeed-cache\u0026new=3399636%40aruba-hispeed-cache\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-08T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-02-18T14:59:09.000Z",
"value": "Disclosed"
}
],
"title": "Aruba HiSpeed Cache \u003c= 3.0.2 - Missing Authorization to Unauthenticated Plugin\u0027s Settings Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11725",
"datePublished": "2026-02-19T03:25:11.535Z",
"dateReserved": "2025-10-13T21:04:53.361Z",
"dateUpdated": "2026-02-19T17:43:52.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}