Description
Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through <= 1.0.4.2.
Published: 2025-01-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in the Cache Sniper for Nginx WordPress plugin allows an attacker to bypass intended access controls, potentially accessing or manipulating cached content and configuration data. The vulnerability is identified as CWE-862 and stems from incorrectly configured security levels that do not enforce proper authentication or authorization checks. This can lead to exposure of sensitive information or unintended changes to the site’s caching behavior.

Affected Systems

The vulnerability affects the ekaterir Cache Sniper for Nginx plugin (snipe-nginx-cache) for all versions from the earliest available release through 1.0.4.2 inclusive. The affected product is a WordPress plugin that interacts with the Nginx caching layer; any WordPress site that installs this plugin and uses version 1.0.4.2 or earlier is at risk.

Risk and Exploitability

The CVSS score of 4.3 indicates Medium severity; the vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) describes a network-reachable, low-complexity issue scored with low privileges required, no user interaction, and a low integrity impact. The EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the plugin’s administrative interface or exposed endpoints that are not properly protected; based on the description, it is inferred that the issue arises when access control settings are misconfigured, which an attacker could exploit with or without prior authentication. No additional exploitation conditions are detailed in the advisory.

Generated by OpenCVE AI on May 1, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cache Sniper for Nginx plugin to a version newer than 1.0.4.2 when the vendor releases it.
  • If no update is currently available, restrict the plugin’s admin pages by requiring authentication and/or limiting access to trusted IP addresses, such as via .htaccess or server‑level firewall rules.
  • Review and correct the plugin’s configuration to ensure that access control settings enforce the intended security levels; verify that cache purge endpoints and other privileged actions are protected.
  • Monitor WordPress and Nginx logs for unexpected access attempts to the plugin’s endpoints and adjust Nginx caching rules as needed.


Advisories
Source: EUVD
ID: EUVD-2025-3409
Title: Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.
Values Added: Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through <= 1.0.4.2.

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Fri, 17 Jan 2025 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Jan 2025 20:30:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.

Type: Title
Values Added: WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T22:57:14.830Z

Reserved: 2025-01-16T11:30:05.455Z

Link: CVE-2025-23776

Vulnrichment

Updated: 2025-01-17T17:19:03.042Z

NVD

Status: Deferred

Published: 2025-01-16T21:15:19.160

Modified: 2026-06-17T08:57:06.953

Link: CVE-2025-23776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T21:00:08Z

Weaknesses