CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/03/10 8:15 p.m.•4 views

CVE-2023-1334

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queueposts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS7.3AI score0.00548EPSS

OSV•added 2023/03/10 8:15 p.m.•2 views

CVE-2023-1333

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4.3CVSS7.3AI score

OSV•added 2023/03/10 8:15 p.m.•4 views

CVE-2023-1337

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS7.3AI score0.01024EPSS

ATTACKERKB•added 2023/03/10 8:15 p.m.•1 views

CVE-2023-1335

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

4.3CVSS6.6AI score0.00548EPSS

ATTACKERKB•added 2023/03/10 8:15 p.m.•3 views

CVE-2023-1333

4.3CVSS6.6AI score0.00548EPSS

NVD•added 2023/03/10 8:15 p.m.•12 views

CVE-2023-1336

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

NVD•added 2023/03/10 8:15 p.m.•17 views

CVE-2023-1334

NVD•added 2023/03/10 8:15 p.m.•22 views

CVE-2023-1335

NVD•added 2023/03/10 8:15 p.m.•15 views

CVE-2023-1339

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

NVD•added 2023/03/10 8:15 p.m.•17 views

CVE-2023-1338

NVD•added 2023/03/10 8:15 p.m.•15 views

CVE-2023-1337

4.3CVSS4.2AI score0.01024EPSS

Prion•added 2023/03/10 8:15 p.m.•22 views

Design/Logic Flaw

Prion•added 2023/03/10 8:15 p.m.•13 views

Design/Logic Flaw

Prion•added 2023/03/10 8:15 p.m.•11 views

Design/Logic Flaw

Prion•added 2023/03/10 8:15 p.m.•18 views

Design/Logic Flaw

Prion•added 2023/03/10 8:15 p.m.•18 views

Design/Logic Flaw

4CVSS4.3AI score0.01024EPSS

Prion•added 2023/03/10 8:15 p.m.•13 views

Design/Logic Flaw

CVE•added 2023/03/10 7:20 p.m.•43 views

CVE-2023-1335

CVE-2023-1335 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. A missing capability check in the ucss_connect function (versions up to and including 1.7.1) allows authenticated subscribers to update plugin settings by connecting a new license key to the site. Impact is limited to ...

4.3CVSS5.1AI score0.00548EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/03/10 7:20 p.m.•25 views

CVE-2023-1335 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'

4.3CVSS4.6AI score0.00548EPSS