Description
Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4.
Published: 2025-03-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Clear Sucuri Cache plugin allows an attacker to exploit incorrectly configured access controls. The flaw permits unauthorized users to clear or manipulate the cache without proper authorization checks. This results in potential denial of service, service disruption, or malicious content delivery if the cache is tampered with. The weakness is classified as CWE-862: Missing Authorization.

Affected Systems

WordPress installations that use the webrangers Clear Sucuri Cache plugin version 1.4 or earlier are affected. The issue originates in all releases from the early releases up to version 1.4, regardless of WordPress core version.

Risk and Exploitability

The CVSS base score is 5.3, indicating a medium severity. The EPSS score of less than 1% suggests a low likelihood of exploitation at the current time, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker would need to have authenticated or unauthenticated access to the site and the ability to trigger plugin actions, implying the attack vector could be through the web interface or via a misconfigured user role. The absence of a KEV listing and low EPSS mean that, while the impact is significant for affected sites, the risk of exploitation is comparatively low in the near term.

Generated by OpenCVE AI on May 1, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Clear Sucuri Cache to the latest available version (greater than 1.4).
  • Verify that only authorized user roles can access cache management features and adjust plugin settings to enforce strict role checks.
  • If immediate update is not possible, consider disabling the Clear Sucuri Cache plugin or removing its management endpoints until a patch is available.

Generated by OpenCVE AI on May 1, 2026 at 12:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8584 Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4. Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4.
Title WordPress Clear Sucuri Cache <= 1.4 - Broken Access Control Vulnerability WordPress Clear Sucuri Cache plugin <= 1.4 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 28 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 28 Mar 2025 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4.
Title WordPress Clear Sucuri Cache <= 1.4 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:07.733Z

Reserved: 2025-03-28T11:01:02.395Z

Link: CVE-2025-31469

cve-icon Vulnrichment

Updated: 2025-03-28T14:03:39.133Z

cve-icon NVD

Status : Deferred

Published: 2025-03-28T12:15:19.530

Modified: 2026-04-23T15:27:53.157

Link: CVE-2025-31469

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T12:45:15Z

Weaknesses