PT-2026-1711 · WordPress · Clearfy Cache
Dmitry Ignatyev
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-13749
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1
Description
The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by the absence of nonce validation within the
wbcr upm change flag function. An unauthenticated attacker could potentially disable plugin or theme update notifications by manipulating a site administrator into performing an action, such as clicking a malicious link.Recommendations
Update Clearfy Cache – WordPress optimization plugin to version 2.4.1 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clearfy Cache