CVE-2025-11706

Name of the Vulnerable Software and Affected Versions Aruba HiSpeed Cache versions up to and including 3.0.2

Description The Aruba HiSpeed Cache plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the dbstatus parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script.

Recommendations Update Aruba HiSpeed Cache to a version later than 3.0.2.