PT-2025-30387 · WordPress · Nginx Cache Purge Preload

Cynau1T · Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-6213

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nginx Cache Purge Preload plugin for WordPress versions through 2.1.1

Description

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution via the nppp_preload_cache_on_update function. This is due to insufficient sanitization of the $_SERVER['HTTP_REFERER'] parameter passed from the nppp_handle_fastcgi_cache_actions_admin_bar function. This allows authenticated attackers with Administrator-level access and above to execute code on the server.

Recommendations

Nginx Cache Purge Preload plugin for WordPress versions through 2.1.1: Update to a version later than 2.1.1.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-6213

Affected Products

Nginx Cache Purge Preload