NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

Vulnerabilities 8Slug nitropackLatest version 1.19.4WordPress.org →

Minimum safe version

1.19.4

Update to 1.19.4 or later to address 8 fixable vulnerabilities

Latest available1.19.4 ✓

N/A

2025-09-09< 1.18.5

NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function

Medium 5.3

2026-04-08< 1.19.4

CVE-2026-39669

High 8.1

2025-01-15< 1.17.6

CVE-2024-11848

Medium 4.3

2025-01-15< 1.17.6

CVE-2024-11851

Critical 9.8

2024-08-29< 1.16.8

CVE-2024-43922

N/A

< 1.10.0

NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions

Medium 5.4

2024-12-28< 1.10.3

WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

N/A

2023-11-07< 1.10.0

NitroPack <= 1.9.2 - Missing Authorization via multiple AJAX functions