ByteOS Network

CVE Vulnerability Details :

CVE-2025-11725

PUBLISHED

More Info Official Page

Assigner-Wordfence

Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At-19 Feb, 2026 | 03:25

Updated At-19 Feb, 2026 | 03:25

▼CVE Numbering Authority (CNA)

Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode

Affected Products

Vendor

arubadev

Product

Aruba HiSpeed Cache

Default Status

unaffected

Versions

Affected

From * through 3.0.2 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-862	CWE-862 Missing Authorization

Type: CWE

CWE ID: CWE-862

Description: CWE-862 Missing Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Credits

finder

Michael Mazzolini

Timeline

Event	Date
Discovered	2025-10-08 00:00:00
Disclosed	2026-02-18 14:59:09

Event: Discovered

Date: 2025-10-08 00:00:00

Event: Disclosed

Date: 2026-02-18 14:59:09

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/2830c958-13d1-4c69-8dde-7fc091db02eb?source=cve	N/A
https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L618	N/A
https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L590	N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399636%40aruba-hispeed-cache&new=3399636%40aruba-hispeed-cache&sfp_email=&sfph_mail=	N/A