CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2023/03/10 8:15 p.m.•2 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

ATTACKERKB•added 2023/03/10 8:15 p.m.•0 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.5AI score0.00307EPSS

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.5AI score0.00315EPSS

CVE-2023-1346

NVD•added 2023/03/10 8:15 p.m.•19 views

CVE-2023-1346

4.3CVSS4.2AI score0.00315EPSS

NVD•added 2023/03/10 8:15 p.m.•21 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS4.2AI score0.00307EPSS

ATTACKERKB•added 2023/03/10 8:15 p.m.•2 views

CVE-2023-1339

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS

ATTACKERKB•added 2023/03/10 8:15 p.m.•1 views

CVE-2023-1341

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajaxdeactivate function. This makes it possible for unauthenticated attackers to turn off...

ATTACKERKB•added 2023/03/10 8:15 p.m.•0 views

CVE-2023-1337

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS6.6AI score0.01024EPSS

OSV•added 2023/03/10 8:15 p.m.•3 views

CVE-2023-1343

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attachrule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.5AI score

OSV•added 2023/03/10 8:15 p.m.•3 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS

OSV•added 2023/03/10 8:15 p.m.•3 views

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...

4.3CVSS6.5AI score0.00307EPSS

OSV•added 2023/03/10 8:15 p.m.•2 views

CVE-2023-1341

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajaxdeactivate function. This makes it possible for unauthenticated attackers to turn off...

4.3CVSS6.5AI score0.00307EPSS

CVE-2023-1339

4.3CVSS6.6AI score

4.3CVSS7.3AI score0.00548EPSS

CVE-2023-1334

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queueposts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS7.3AI score0.01024EPSS

CVE-2023-1337

ATTACKERKB•added 2023/03/10 8:15 p.m.•4 views

CVE-2023-1338

4.3CVSS6.6AI score0.00548EPSS

ATTACKERKB•added 2023/03/10 8:15 p.m.•1 views

CVE-2023-1340

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...

ATTACKERKB•added 2023/03/10 8:15 p.m.•1 views

CVE-2023-1343

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attachrule function. This makes it possible for unauthenticated attackers to modify the...