CVE-2025-8778

Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4

Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax() function. Authenticated attackers with Subscriber-level access or higher can modify the nitropack-enableCompression option, altering plugin compression settings.

Recommendations: Update NitroPack to a version later than 1.18.4.