PT-2026-20574 · WordPress · Aruba Hispeed Cache
Michael Mazzolini
·
Published
2026-02-19
·
Updated
2026-02-23
·
CVE-2025-11725
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Aruba HiSpeed Cache versions up to and including 3.0.2
Description
The Aruba HiSpeed Cache plugin for WordPress is susceptible to unauthorized data modification because of absent capability checks in several functions. This allows unauthenticated attackers to alter the plugin’s configuration, activate or deactivate features, and control WordPress cron jobs or debug mode.
Recommendations
Update Aruba HiSpeed Cache to a version later than 3.0.2.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aruba Hispeed Cache