WP Wallcreeper Missing Capability Check Vulnerability Allowing Unauthorized Cache Management

Vulnerability

A vulnerability exists in the WP Wallcreeper plugin for WordPress, in all versions through 1.6.1. The plugin lacks proper capability checks on the admin_notices hook, which allows authenticated attackers with Subscriber-level access or higher to modify data without authorization. Specifically, these attackers can enable or disable caching, potentially disrupting site performance or functionality.
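The general pattern behind this class of bug, as an added example that is not WP Wallcreeper's code: a state change inside an admin_notices callback with no capability check, next to a hardened form. The function names, the `example_cache` parameter, the `example_cache_enabled` option, the `example_cache_toggle` action and the choice of `manage_options` as the required capability are all hypothetical.

```php
<?php
// Added illustration. Every name below is hypothetical and not taken from
// WP Wallcreeper; only the WordPress core functions are real.

// BEFORE: admin_notices fires on every wp-admin page load, including the
// profile screen a Subscriber can open, so this callback runs for any
// logged-in user. The state change has no capability check and no nonce.
function example_cache_notice_unchecked() {
    if ( isset( $_GET['example_cache'] ) ) {
        update_option( 'example_cache_enabled', 'on' === $_GET['example_cache'] );
    }
}
add_action( 'admin_notices', 'example_cache_notice_unchecked' );

// AFTER: the state change moves to its own POST handler and is gated on a
// capability plus a nonce. admin_notices is left to display output only.
function example_cache_toggle_checked() {
    if ( ! isset( $_POST['example_cache'] ) ) {
        return;
    }
    // Authorization: only roles holding manage_options (assumed here to be
    // the right capability for cache settings) may change the option.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to manage caching.', '', array( 'response' => 403 ) );
    }
    // Intent: rejects requests lacking the nonce issued with the settings form.
    check_admin_referer( 'example_cache_toggle' );

    $value = sanitize_key( wp_unslash( $_POST['example_cache'] ) );
    update_option( 'example_cache_enabled', 'on' === $value );

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_post_example_cache_toggle', 'example_cache_toggle_checked' );

// Display-only notice: reads state and never writes it.
function example_cache_notice_display() {
    if ( current_user_can( 'manage_options' ) && ! get_option( 'example_cache_enabled' ) ) {
        echo '<div class="notice notice-warning"><p>Caching is disabled.</p></div>';
    }
}
add_action( 'admin_notices', 'example_cache_notice_display' );
```

When reviewing a plugin for this pattern, look for option writes or file operations reachable from display hooks such as admin_notices without a preceding `current_user_can()` call.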

Impact

Exploitation of this vulnerability could lead to unauthorized changes in cache management, allowing attackers to disrupt normal site operations by improperly managing cached content.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.