PT-2026-21555 · WordPress · Aruba Hispeed Cache

Rahul Karne +1 · Published 2026-02-23 · Updated 2026-02-24 · CVE-2026-23694

CVSS v4.0: 5.1 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Aruba HiSpeed Cache WordPress plugin versions prior to 3.0.5

Description

The Aruba HiSpeed Cache WordPress plugin is susceptible to a cross-site request forgery (CSRF) issue impacting several administrative AJAX actions. Specifically, the ahsc reset options, ahsc debug status, and ahsc enable purge handlers authenticate the user and check user capabilities but fail to validate a WordPress nonce for requests that alter the system's state. An attacker could trick a logged-in administrator into visiting a malicious webpage, causing forged requests to be submitted to the admin-ajax.php endpoint. This could lead to unauthorized changes, such as resetting plugin settings, modifying the WordPress WP_DEBUG configuration, or altering cache purging behavior. The vulnerable parameters are not explicitly mentioned.

Recommendations

Update Aruba HiSpeed Cache WordPress plugin to version 3.0.5 or later.
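The missing check described above, shown as an added example that is not the plugin's own code or its 3.0.5 patch: a WordPress admin AJAX handler that only checks capabilities, next to one that also validates a nonce. All names prefixed `example_`, the option name and `admin.js` are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Nonce-Checked AJAX Handler (illustrative)
 * Every "example_" name is hypothetical, not from Aruba HiSpeed Cache.
 */

// Action string shared by the AJAX hook and the nonce (hypothetical name).
const EXAMPLE_RESET_ACTION = 'example_reset_options';

// Pattern from the advisory: capability check only. A cross-site request
// carrying the administrator's cookies passes this check. Not hooked here.
function example_reset_options_unprotected() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    delete_option( 'example_plugin_options' );
    wp_send_json_success();
}

// Hardened form: state change only via POST, by a capable user, with a
// nonce bound to this action and to the current user's session.
function example_reset_options_protected() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( 'method not allowed', 405 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Third argument false: return the result instead of calling die().
    if ( ! check_ajax_referer( EXAMPLE_RESET_ACTION, '_ajax_nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    delete_option( 'example_plugin_options' );
    wp_send_json_success();
}
add_action( 'wp_ajax_' . EXAMPLE_RESET_ACTION, 'example_reset_options_protected' );

// Hand the nonce to the admin-side script (admin.js is hypothetical), which
// must send it back as the _ajax_nonce field of its POST request.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'    => admin_url( 'admin-ajax.php' ),
        'action' => EXAMPLE_RESET_ACTION,
        'nonce'  => wp_create_nonce( EXAMPLE_RESET_ACTION ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

When auditing other plugins for the same weakness, look for `wp_ajax_` handlers that change options or configuration and call `current_user_can()` without `check_ajax_referer()` or `wp_verify_nonce()`.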

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-23694

Affected Products

Aruba Hispeed Cache