Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN 1.17.0

CVE-2024-11851

Severity: medium-risk
Status: Fixed
Publication: January 14, 2025

The NitroPack plugin for WordPress has a security issue that allows unauthorized updates without proper checks. This vulnerability affects all versions up to 1.17.0. It gives attackers with subscriber access or higher the ability to change certain temporary data, but only to whole numbers, not any other type of data.

Detected in:

NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN fixed vulnerable versions:

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization fixed vulnerable versions:

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN 1.17.0

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN 1.17.0

Detected in: