255 matches found
CVE-2023-1344
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1346
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...
CVE-2023-1344
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1345
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1345
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1339
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1339
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1335
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...
CVE-2023-1336
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...
CVE-2023-1341
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajaxdeactivate function. This makes it possible for unauthenticated attackers to turn off...
CVE-2023-1339
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1336
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1333
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...
CVE-2023-1335
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...
CVE-2023-1340
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...
CVE-2023-1338
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1337
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...