CVE-2026-22492
📋 TL;DR
This CVE describes a Missing Authorization vulnerability in the Nawawi Jamili Docket Cache WordPress plugin that allows attackers to exploit incorrectly configured access control security levels. It affects all versions up to 24.07.04, potentially allowing unauthorized access to cached data or administrative functions. WordPress sites using vulnerable versions of Docket Cache are affected.
💻 Affected Systems
- Nawawi Jamili Docket Cache WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the WordPress site through privilege escalation, allowing attackers to modify content, install backdoors, or steal sensitive data from cache.
Likely Case
Unauthorized access to cached data, potentially exposing sensitive information or allowing manipulation of cached content.
If Mitigated
No impact if proper authorization controls are implemented and the vulnerability is patched.
🎯 Exploit Status
Exploitation requires some level of access but doesn't require authentication to the vulnerable endpoint. The vulnerability is in access control logic, making exploitation straightforward once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 24.07.04
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Docket Cache and click 'Update Now'. 4. Verify update to version newer than 24.07.04. 5. Clear any existing caches.
🔧 Temporary Workarounds
Disable Docket Cache Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate docket-cache
Restrict Access via .htaccess
linuxAdd access restrictions to plugin directories
Order Deny,Allow
Deny from all
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block unauthorized access to Docket Cache endpoints
- Monitor access logs for suspicious activity targeting the docket-cache plugin directory
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Docket Cache version. If version is 24.07.04 or earlier, you are vulnerable.Check Version:
wp plugin get docket-cache --field=versionVerify Fix Applied:
Verify Docket Cache plugin version is newer than 24.07.04 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /wp-content/plugins/docket-cache/ endpoints
- Multiple 403 or 401 errors followed by 200 success to plugin paths
Network Indicators:
- Unusual traffic patterns to Docket Cache API endpoints from unauthorized IPs
SIEM Query:
source="wordpress.log" AND ("docket-cache" OR "docket_cache") AND (status=200 OR status=403) AND user="-"