CVE-2026-23694

UNKNOWN 0.0

Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and ahsc_enable_purge perform authentication and capability checks but do not verify a WordPress nonce for state-changing requests. An attacker can induce a logged-in administrator to visit a malicious webpage that submits forged requests to admin-ajax.php, resulting in unauthorized resetting of plugin settings, toggling of the WordPress WP_DEBUG configuration, or modification of cache purging behavior without the administrator’s intent.

CWE	CWE-352
Vendor	aruba.it
Product	aruba hispeed cache
Published	Feb 23, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for aruba.it aruba hispeed cache

Be the first to know when new unknown vulnerabilities affecting aruba.it aruba hispeed cache are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Aruba.it / Aruba HiSpeed Cache

0 < 3.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordpress.org: https://wordpress.org/plugins/aruba-hispeed-cache/ hosting.aruba.it: https://hosting.aruba.it/en/wordpress.aspx

Credits

Rahul Karne VulnCheck