PatchSiren

kevp75 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM kevp75 CVE published 2026-07-16

CVE-2026-15350

The Cache Purger plugin for WordPress has an authorization bypass vulnerability in all versions up to, and including, 2.3.20. This allows authenticated attackers with subscriber-level access and above to permanently truncate the plugin's cache-purge audit log, destroying the entire cache-purge audit history. The vulnerability exists due to the plugin not properly verifying that a user is authorized to per [truncated]