Platform
wordpress
Component
fastcgi-cache-purge-and-preload-nginx
Fixed in
2.1.2
CVE-2025-6213 is a remote code execution (RCE) vulnerability in the Nginx Cache Purge Preload plugin for WordPress (WordPress.org slug fastcgi-cache-purge-and-preload-nginx). It lets an authenticated attacker who already holds Administrator-level access execute arbitrary code on the server. All versions up to and including 2.1.1 are affected; the fix shipped in version 2.1.2.
The flaw is in the nppp_preload_cache_on_update function, which consumes $_SERVER['HTTP_REFERER'] without sanitizing it. The Referer header is fully client-controlled, so an attacker sends a crafted value and the plugin processes it without adequate validation. Successful exploitation runs attacker-supplied code in the context of the PHP worker that serves the site, which can lead to full compromise of the host: data theft, malware or web-shell installation, or defacement. The impact is amplified by what the plugin does: it manages the Nginx cache on disk, so the code path already touches the filesystem and whatever access the web server account has is available to the attacker.
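The bug class is "attacker-controlled header reaches a dangerous sink". The following PHP is an added illustration written for this page, not the plugin's code: the advisory only states that the Referer reached nppp_preload_cache_on_update unsanitized, so the sink used here (a shell command that fetches the page to warm the cache) is an assumed stand-in chosen to make the failure mode concrete. It shows the vulnerable pattern next to a hardened version with two independent controls: an allow-list that accepts only http(s) URLs on the site's own host, and escapeshellarg() so the value is never concatenated into a command line. The inputs at the bottom are constructed, not captured from a real request.

```php
<?php
declare(strict_types=1);

/*
 * Added illustration of the bug class behind CVE-2025-6213; this is NOT the
 * plugin's code. The sink (a shell command that fetches the referring page)
 * is a hypothetical stand-in; the advisory does not say which function
 * consumed the header inside nppp_preload_cache_on_update.
 */

// Vulnerable pattern: the header value is dropped straight into a shell
// command. Any client can set Referer, so shell metacharacters in it become
// part of the command line that the PHP worker executes.
function preload_from_referer_vulnerable(): void
{
    $url = $_SERVER['HTTP_REFERER'] ?? '';
    shell_exec('wget -q -O /dev/null ' . $url);
}

// Control 1: accept only an http(s) URL whose host is this site's host, and
// rebuild it from parsed parts so userinfo, fragments and stray bytes are
// dropped. In a WordPress plugin, wp_validate_redirect() gives a comparable
// same-host check against the allowed_redirect_hosts list.
function validate_same_host_url(string $candidate, string $site_host): ?string
{
    if (filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return null; // not a syntactically valid URL (spaces, control chars, etc.)
    }
    $parts = parse_url($candidate);
    if (!in_array($parts['scheme'] ?? '', ['http', 'https'], true)) {
        return null; // rejects file://, gopher:// and friends
    }
    if (strcasecmp($parts['host'] ?? '', $site_host) !== 0) {
        return null; // e.g. https://example.com@evil.test/ parses to host evil.test
    }
    $clean = $parts['scheme'] . '://' . $parts['host'] . ($parts['path'] ?? '/');
    if (isset($parts['query'])) {
        $clean .= '?' . $parts['query'];
    }
    return $clean;
}

// Control 2: even a validated value is quoted before it reaches the shell.
// Validation and escaping are separate defences; a URL like
// https://example.com/;id passes filter_var() but is harmless once quoted.
// Better still, drop the shell entirely and fetch with wp_remote_get().
function preload_from_referer_hardened(string $site_host): bool
{
    $url = validate_same_host_url($_SERVER['HTTP_REFERER'] ?? '', $site_host);
    if ($url === null) {
        return false; // no Referer, or not our host: do nothing, never shell out
    }
    shell_exec('wget -q -O /dev/null ' . escapeshellarg($url));
    return true;
}

// Constructed sample inputs for a site whose host is example.com.
$site = 'example.com';
var_dump(validate_same_host_url('https://example.com/post/?p=1', $site)); // accepted
var_dump(validate_same_host_url('https://example.com/; id', $site));      // rejected: invalid URL
var_dump(validate_same_host_url('https://evil.test/', $site));            // rejected: foreign host
var_dump(validate_same_host_url('https://example.com@evil.test/', $site)); // rejected: foreign host
```

The point of keeping both controls is that each covers a gap in the other: the host check stops the plugin from being turned into an open fetcher for arbitrary URLs, and the quoting stops anything that survives parsing from being interpreted by the shell. The cleanest fix is to remove the shell sink altogether; a cache preload only needs an HTTP request, which the WordPress HTTP API provides without ever building a command string.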
CVE-2025-6213 was publicly disclosed on 2025-07-22. Once an attacker holds an Administrator account, exploitation is straightforward: the only input is an HTTP header, and no further chain is needed. The Administrator prerequisite is the real barrier, which is why the severity rests on how well admin credentials are protected. No public exploit or active campaign is known at the time of writing, but the simplicity of the trigger makes it a plausible follow-on step for anyone who phishes, stuffs or reuses an admin password. The plugin's presence across many WordPress sites, often left unpatched, broadens the number of exposed targets.
WordPress sites running the Nginx Cache Purge Preload plugin are at risk, especially where Administrator accounts use weak or reused passwords, lack multi-factor authentication, or can otherwise be taken over. Shared hosting raises the stakes further: if several sites run under the same PHP worker account, code execution on one of them can reach the files of the others.
• wordpress / composer / npm (confirm the plugin is installed and read the installed version from the plugin header; adjust the path to your install):
grep -r 'nppp_preload_cache_on_update' /var/www/html/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/
grep -m1 'Version:' /var/www/html/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/*.php
• generic web (works only if the plugin's readme.txt is publicly readable, which it is on most installs; a "Stable tag" below 2.1.2 means the site is affected):
curl -s https://your-wordpress-site.com/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/readme.txt | grep -i '^Stable tag'
• wordpress / composer / npm (WP-CLI; anything below 2.1.2 is affected):
wp plugin list --fields=name,status,version | grep 'fastcgi-cache-purge-and-preload-nginx'
Disclosure
Exploit status
EPSS
0.62% (70th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Nginx Cache Purge Preload plugin to version 2.1.2 or later without delay. If the upgrade cannot be applied immediately because of compatibility concerns, deactivate the plugin until it can be: the vulnerable function is not reachable while the plugin is inactive. Because exploitation requires an Administrator account, also audit who holds that role, remove accounts that do not need it, and enforce strong passwords and multi-factor authentication on the rest. A Web Application Firewall can drop requests to wp-admin whose Referer header contains shell metacharacters or points to a foreign host, but treat that as a stopgap, not a substitute for patching. Review the web server and WordPress logs for admin-area requests carrying unusual Referer values and for unexpected child processes or new files under the web root.
Update the Nginx Cache Purge Preload plugin to version 2.1.2 or later to close the remote code execution vulnerability. Keep the WordPress installation itself up to date and follow basic hardening practice: strong passwords and the minimum set of user privileges each account needs.
CVE-2025-6213 is a Remote Code Execution vulnerability in the Nginx Cache Purge Preload WordPress plugin, allowing attackers with admin access to execute code.
You are affected if your WordPress site runs the Nginx Cache Purge Preload plugin in any version up to and including 2.1.1.
Upgrade the Nginx Cache Purge Preload plugin to version 2.1.2 or later. If upgrading is not possible, disable the plugin temporarily.
There are currently no known active exploits, but the ease of exploitation suggests it could become a target.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory.