CVE-2026-23545 PUBLISHED

WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability

Assigner: Patchstack
Reserved: 14.01.2026 Published: 19.02.2026 Updated: 19.02.2026

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.

Product Status

Vendor	Aruba.it Dev
Product	Aruba HiSpeed Cache
Versions	Default: unaffected affected from n/a to <= 3.0.4 (incl.)

Credits

NumeX | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/aruba-hispeed-cache/vulnerability/wordpress-aruba-hispeed-cache-plugin-3-0-4-broken-access-control-vulnerability?_s_id=cve

Problem Types

Missing Authorization CWE

Impacts

Exploiting Incorrectly Configured Access Control Security Levels