CVE-2025-6213: 
WordPress vulnerability analysis and mitigation

The Nginx Cache Purge Preload plugin for WordPress (versions up to and including 2.1.1) contains a Remote Code Execution vulnerability identified as CVE-2025-6213. The vulnerability was discovered on July 22, 2025, affecting the plugin's cache management functionality. The issue stems from insufficient sanitization of the $SERVER['HTTPREFERERER'] parameter in the 'nppppreloadcacheonupdate' function, which is passed from the 'nppphandlefastcgicacheactionsadminbar' function (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-94 (Improper Control of Generation of Code 'Code Injection'). The vulnerability requires administrator-level access or above to be exploited (NVD, Wordfence).

If exploited, this vulnerability allows authenticated attackers with administrator-level access to execute arbitrary code on the server. This could potentially lead to complete server compromise, as the attacker would have the ability to execute commands with the same privileges as the web server process (NVD).

The vulnerability has been patched in version 2.1.3 of the Nginx Cache Purge Preload plugin. Users are strongly advised to update to this latest version immediately. The patch prevents command injection via ['HTTP_REFERER'] and includes additional security improvements (Github).