VYPR

Nitropack

by Nitropack

Source repositories

CVEs (5)

  • CVE-2024-11848HigJan 15, 2025
    risk 0.46cvss 8.1epss 0.01

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…

  • CVE-2023-52121MedJan 5, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy…

  • CVE-2025-8778MedSep 10, 2025
    risk 0.28cvss 4.3epss 0.00

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-11851MedJan 15, 2025
    risk 0.21cvss 4.3epss 0.00

    The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…

  • CVE-2024-43922Aug 29, 2024
    risk 0.00cvss epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.