{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1924", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-04T19:11:29.291Z", "datePublished": "2026-04-10T01:24:59.928Z", "dateUpdated": "2026-04-10T01:24:59.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-10T01:24:59.928Z"}, "affected": [{"vendor": "arubadev", "product": "Aruba HiSpeed Cache", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset_options()` function. This makes it possible for unauthenticated attackers to reset all plugin settings to their default values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2230151-fde2-43d6-8bff-0d2ffd559ab3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L632"}, {"url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L631"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Faruba-hispeed-cache/tags/3.0.4&new_path=%2Faruba-hispeed-cache/tags/3.0.5"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abhirup Konwar"}], "timeline": [{"time": "2026-04-09T12:50:15.000Z", "lang": "en", "value": "Disclosed"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset_options()` function. This makes it possible for unauthenticated attackers to reset all plugin settings to their default values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2026-1924", "lastModified": "2026-04-10T02:16:02.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-10T02:16:02.607", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L631"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.4/aruba-hispeed-cache.php#L632"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Faruba-hispeed-cache/tags/3.0.4&new_path=%2Faruba-hispeed-cache/tags/3.0.5"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2230151-fde2-43d6-8bff-0d2ffd559ab3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.0.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Aruba HiSpeed Cache", "source": "cna", "vendor": "arubadev"}, "product": "aruba_hispeed_cache", "vendor": "arubadev"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-10T02:50:22.645461+00:00", "value": {"mitigation_remediation": ["Upgrade Aruba HiSpeed Cache to version 3.0.5 or later to add nonce validation.", "Confirm the plugin version has been updated and that the reset function is no longer publicly accessible.", "Train site administrators to recognize malicious links and verify URLs before clicking."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery that resets plugin settings to default values"}, "threat_synthesis": {"affected_systems": "All installations of Aruba HiSpeed Cache version 3.0.4 or earlier are vulnerable. The flaw is present in every release up to 3.0.4; versions 3.0.5 and later contain a nonce check that mitigates the issue.", "description_and_impact": "The Aruba HiSpeed Cache plugin for WordPress contains a flaw where the ahsc_ajax_reset_options() function does not perform nonce verification. An unauthenticated attacker can craft a request that forces a logged\u2011in administrator to reset all plugin settings to their default values by simply clicking on a malicious link. This manipulation affects the plugin\u2019s configuration and can change caching behavior without the user\u2019s knowledge.", "risk_and_exploitability": "The flaw has a CVSS score of 4.3, placing it in the medium severity range. No EPSS data or KEV listing is available, indicating that it has not been widely exploited publicly yet. Attackers require only social engineering to convince an administrator to visit a forged URL. The impact is limited to configuration loss and possible service disruption caused by resetting caching settings."}}}}, "created": "2026-04-10T08:36:08.534779+00:00", "updated": "2026-04-10T09:27:08.572058+00:00", "vendors": ["arubadev", "arubadev$PRODUCT$aruba_hispeed_cache", "wordpress", "wordpress$PRODUCT$wordpress"]}