Aruba HiSpeed Cache
cpe:2.3:a:aruba:aruba_hispeed_cache:*:*:*:*:wordpress:*:*
- <= 3.0.4
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Aruba HiSpeed Cache plugin for WordPress, affecting all versions through 3.0.4. The vulnerability arises from a lack of nonce verification in the 'ahsc_ajax_reset_options()' function, allowing unauthenticated attackers to reset the plugin's settings to default by tricking an administrator into clicking a link.
Exploitation of this vulnerability allows for unauthorized modification of the plugin's settings, potentially disrupting the site's caching performance and management.
To reproduce this vulnerability, an attacker must send a forged request to the 'ahsc_ajax_reset_options' action without a valid nonce. This can be done by tricking an administrator into clicking a link that triggers the request, such as through a phishing email or a malicious website.
Users are advised to update the Aruba HiSpeed Cache plugin to version 3.0.5 or later.
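For developers auditing their own plugins for the same flaw, the following added example (not code from Aruba HiSpeed Cache or from this advisory) shows an admin AJAX handler that verifies a nonce and the caller's capability before resetting settings. The `myplugin_*` names, the option key, the settings page hook suffix and `admin.js` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not the Aruba HiSpeed Cache source.
// All 'myplugin_*' identifiers are assumed names chosen for this illustration.

// Registered on wp_ajax_ only (no wp_ajax_nopriv_), so it runs for logged-in users.
add_action( 'wp_ajax_myplugin_reset_options', 'myplugin_ajax_reset_options' );

function myplugin_ajax_reset_options() {
	// 1. CSRF check: the request must carry a nonce minted for this action and
	//    this user's session, which a cross-site page cannot read.
	//    With $die = false the call returns false, so a JSON error can be sent.
	if ( ! check_ajax_referer( 'myplugin_reset_nonce', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
	}

	// 2. Authorization check: a nonce proves intent, not privilege.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Only now perform the state change. wp_send_json_* ends the request.
	delete_option( 'myplugin_options' );
	wp_send_json_success( array( 'message' => 'Options reset to defaults.' ) );
}

// Hand the nonce to the plugin's own settings page script and nowhere else.
add_action( 'admin_enqueue_scripts', 'myplugin_enqueue_admin_script' );

function myplugin_enqueue_admin_script( $hook ) {
	if ( 'settings_page_myplugin' !== $hook ) { // assumed settings page hook suffix
		return;
	}
	wp_enqueue_script(
		'myplugin-admin',
		plugins_url( 'admin.js', __FILE__ ), // assumed script file
		array( 'jquery' ),
		'1.0.0',
		true
	);
	wp_localize_script( 'myplugin-admin', 'mypluginAjax', array(
		'url'   => admin_url( 'admin-ajax.php' ),
		'nonce' => wp_create_nonce( 'myplugin_reset_nonce' ),
	) );
}
```

The settings page script must send `mypluginAjax.nonce` as the `nonce` field of its request; a request forged from another origin has no way to obtain that value and is rejected at step 1.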