vulnerability

WordPress Plugin: content-no-cache: CVE-2025-28993: Improper Control of Generation of Code ('Code Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jun 23, 2025	Jul 9, 2025	Jul 9, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jun 23, 2025

Added

Jul 9, 2025

Modified

Jul 9, 2025

Description

The Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached plugin for WordPress is vulnerable to Arbitrary Function Calls in all versions up to, and including, 0.1.4. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code in a limited context.

Solution

content-no-cache-plugin-cve-2025-28993

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-28993
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/d97ed290-b887-4fa5-866c-e7af9b29b517?source=api-prod
CVE-2025-28993
https://attackerkb.com/topics/CVE-2025-28993
CWE-94

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today