CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2023/03/10 7:20 p.m.•21 views

CVE-2023-1338 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'

Vulnrichment•added 2023/03/10 7:20 p.m.•6 views

CVE-2023-1337 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS6.6AI score0.01024EPSS

Cvelist•added 2023/03/10 7:20 p.m.•30 views

CVE-2023-1337 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'

4.3CVSS4.6AI score0.01024EPSS

CVE•added 2023/03/10 7:20 p.m.•48 views

CVE-2023-1337

The CVE-2023-1337 entry concerns RapidLoad Power-Up for Autoptimize (WordPress). The vulnerability is due to a missing capability check in the clear_uucss_logs function, allowing authenticated subscribers to delete plugin log files (unauthorized data loss). Affected versions are up to and includi...

4.3CVSS5.1AI score0.01024EPSS

CVE•added 2023/03/10 7:19 p.m.•52 views

CVE-2023-1336

CVE-2023-1336 concerns the RapidLoad Power-Up for Autoptimize WordPress plugin. The root cause is a missing capability check on the ajax_deactivate function in versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to update settings and disable caching....

Cvelist•added 2023/03/10 7:19 p.m.•24 views

CVE-2023-1336 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

Cvelist•added 2023/03/10 7:19 p.m.•22 views

CVE-2023-1339 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

CVE•added 2023/03/10 7:19 p.m.•54 views

CVE-2023-1339

The CVE-2023-1339 entry concerns WordPress RapidLoad Power-Up for Autoptimize plugin. A missing capability check in the uucss_update_rule function in versions up to and including 1.7.1 allows authenticated attackers with subscriber-level access to update caching rules, i.e., perform unauthorized ...

Cvelist•added 2023/03/10 7:2 p.m.•30 views

CVE-2023-1333 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

CVE•added 2023/03/10 7:2 p.m.•47 views

CVE-2023-1333

CVE-2023-1333 concerns the RapidLoad Power-Up for Autoptimize plugin (WordPress). The flaw is a missing capability check in the clear_page_cache function, allowing authenticated users with subscriber-level access to delete the plugin’s cache. Affected versions: RapidLoad Power-Up for Autoptimize ...

Positive Technologies•added 2023/03/10 12:0 a.m.•2 views

PT-2023-16905 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to a missing capability check on the ajax deactivate function, allowing authenticated attackers with subscriber-lev...

4.3CVSS5.2AI score0.00548EPSS

Positive Technologies•added 2023/03/10 12:0 a.m.•4 views

PT-2023-16903 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the queue posts function. This allows...

4.3CVSS5.2AI score0.00548EPSS

Positive Technologies•added 2023/03/10 12:0 a.m.•4 views

PT-2023-16907 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the attach rule function. This allows...

Positive Technologies•added 2023/03/10 12:0 a.m.•3 views

PT-2023-16906 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized data loss due to a missing capability check on the clear uucss logs function. This allows...

4.3CVSS4.5AI score0.01024EPSS