MEDIUM
kevp75
CVE published 2026-07-16
CVE-2026-15350
The Cache Purger plugin for WordPress has an authorization bypass vulnerability in all versions up to, and including, 2.3.20. This allows authenticated attackers with subscriber-level access and above to permanently truncate the plugin's cache-purge audit log, destroying the entire cache-purge audit history. The vulnerability exists due to the plugin not properly verifying that a user is authorized to per [truncated]