Description
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
Published: 2026-01-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the CloudPanel CLP Varnish Cache WordPress plugin. It allows an attacker to perform unauthorized actions that should be restricted—through the plugin’s administrative interface. The weakness is classified as Broken Access Control (CWE‑862) and can compromise the confidentiality and integrity of the site’s caching configuration.

Affected Systems

WordPress sites that have the CLP Varnish Cache plugin from CloudPanel with a version of 1.0.2 or earlier are affected. The vulnerability applies to any release up to and including 1.0.2, as the product description lists "from n/a through <= 1.0.2."

Risk and Exploitability

The CVSS v3.1 score of 5.3 indicates a moderate severity, while the EPSS score of less than 1% suggests a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web‑based, where an attacker can reach the plugin’s admin pages to exploit the broken access control, but this is an inference because the CVE description does not explicitly state the vector.

Generated by OpenCVE AI on April 16, 2026 at 17:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CLP Varnish Cache to a version newer than 1.0.2.
  • Disable external exposure of the plugin’s administrative interface if it is not needed by legitimate users.
  • Monitor WordPress logs for unauthorized configuration changes or anomalous activity.

Generated by OpenCVE AI on April 16, 2026 at 17:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 28 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cloudpanel
Cloudpanel clp Varnish Cache
Wordpress
Wordpress wordpress
Vendors & Products Cloudpanel
Cloudpanel clp Varnish Cache
Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
Title WordPress CLP Varnish Cache plugin <= 1.0.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Cloudpanel Clp Varnish Cache
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:14:13.420Z

Reserved: 2026-01-23T12:31:31.583Z

Link: CVE-2026-24525

cve-icon Vulnrichment

Updated: 2026-01-27T21:20:00.769Z

cve-icon NVD

Status : Deferred

Published: 2026-01-23T15:16:08.340

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24525

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T18:00:11Z

Weaknesses