256 matches found
CVE-2023-1338
CVE-2023-1338 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability arises from a missing capability check in the attach_rule function, allowing authenticated users with subscriber-level access to modify cache rules. Affected versions are up to and including 1.7.1. T...
CVE-2023-1337
The CVE-2023-1337 entry concerns RapidLoad Power-Up for Autoptimize (WordPress). The vulnerability is due to a missing capability check in the clear_uucss_logs function, allowing authenticated subscribers to delete plugin log files (unauthorized data loss). Affected versions are up to and includi...
CVE-2023-1336
CVE-2023-1336 concerns the RapidLoad Power-Up for Autoptimize WordPress plugin. The root cause is a missing capability check on the ajax_deactivate function in versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to update settings and disable caching....
CVE-2023-1339
The CVE-2023-1339 entry concerns WordPress RapidLoad Power-Up for Autoptimize plugin. A missing capability check in the uucss_update_rule function in versions up to and including 1.7.1 allows authenticated attackers with subscriber-level access to update caching rules, i.e., perform unauthorized ...
CVE-2023-1339 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1346 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the...
CVE-2023-1346
CVE-2023-1346 affects the WordPress plugin RapidLoad Power-Up for Autoptimize (versions up to and including 1.7.1). The issue is a CSRF in the clear_page_cache function due to missing or incorrect nonce validation, allowing unauthenticated attackers to clear the plugin cache if a site admin is tr...
CVE-2023-1345 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1345
CVE-2023-1345 describes a CSRF vulnerability in the RapidLoad Power-Up for Autoptimize WordPress plugin up to version 1.7.1, caused by missing/incorrect nonce validation in the queue_posts function. This allows unauthenticated attackers to forge requests and modify the plugin cache if a site admi...
CVE-2023-1344
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1344
CVE-2023-1344 affects the RapidLoad Power-Up for Autoptimize (WordPress). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the uucss_update_rule (and related attach_rule) functionality, enabling unauthenticated attackers to modify the plugin cache by luring...
CVE-2023-1342 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the si...
CVE-2023-1342
CVE-2023-1342 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability is a Cross‑Site Request Forgery (CSRF) in the ucss_connect function caused by missing/incorrect nonce validation. This can allow unauthenticated attackers to instruct a site to connect to a new licen...
CVE-2023-1341 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off...
CVE-2023-1341
CVE-2023-1341 affects the RapidLoad Power-Up for Autoptimize (WordPress). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_deactivate function, allowing unauthenticated attackers to turn off caching by luring an admin to perform an action. Affecte...
CVE-2023-1340
CVE-2023-1340 refers to the RapidLoad Power-Up for Autoptimize WordPress plugin, affected versions up to and including 1.7.1. The root cause is missing or incorrect nonce validation in the clear_uucss_logs function, enabling CSRF where an unauthenticated attacker could trick a site administrator ...
CVE-2023-1340 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugi...