Description
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Object Cache 4 everyone plugin in WordPress versions up to 2.3.2 contains an unauthenticated sensitive data exposure flaw. The bug allows an attacker to retrieve private or confidential information without requiring any credentials. Because the vulnerability is based on improper access control (CWE-201), it can lead to disclosure of sensitive user data, plugin configuration details, or other private information kept in the cache.

Affected Systems

Affected systems are WordPress sites that have installed the fpuenteonline:Object Cache 4 everyone plugin with a version equal to or older than 2.3.2. The plugin version information may not be explicitly listed in CPE strings, but any site running the plugin before the 2.3.3 release is vulnerable.

Risk and Exploitability

The CVSS score is 7.5, indicating a high likelihood of significant impact if exploited. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the plugin’s exposed interfaces or configuration pages, which can be accessed by unauthenticated users. An attacker can exploit the flaw simply by sending a request to the vulnerable endpoint and reading the returned data, resulting in confidentiality loss.

Generated by OpenCVE AI on June 26, 2026 at 16:48 UTC.

Remediation

Vendor Solution

Update the WordPress Object Cache 4 everyone Plugin to the latest available version (at least 2.3.3).

OpenCVE Recommended Actions

  • Upgrade to WordPress Object Cache 4 everyone plugin version 2.3.3 or newer.
  • If an update cannot be applied immediately, disable the plugin to prevent unauthenticated data access.
  • As a temporary measure, configure web server or firewall rules to block external access to the plugin’s administrative URLs until the update is deployed.

Generated by OpenCVE AI on June 26, 2026 at 16:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
Title WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:50:56.407Z

Reserved: 2026-06-16T09:21:57.268Z

Link: CVE-2026-54834

cve-icon Vulnrichment

Updated: 2026-06-26T15:50:51.989Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T17:00:04Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data