Unauthorized Data Modification in Aruba HiSpeed Cache Plugin for WordPress
CVE-2025-11725

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Aruba Hispeed Cache
Vendor: CVE Published:; 19 February 2026

What is CVE-2025-11725?

The Aruba HiSpeed Cache plugin for WordPress exhibits a vulnerability where multiple functions lack proper capability checks, affecting all versions up to and including 3.0.2. This flaw permits unauthorized users to make alterations to the plugin's configuration settings. Attackers can alter feature toggles, manage cron jobs, and engage in debugging modes without authentication, potentially compromising the integrity and functionality of the WordPress site.

Affected Version(s)

Aruba HiSpeed Cache 0 <= 3.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/aruba-hispeed-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Oct 13, 2025

Credit

Michael Mazzolini

CVE-2025-11725 Data

JSON