Lucene search
K

5257 matches found

Prion
Prion
added 2023/03/10 8:15 p.m.13 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.15 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.24 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.14 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.20 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/10 7:20 p.m.26 views

CVE-2023-1335 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
CVE
CVE
added 2023/03/10 7:20 p.m.43 views

CVE-2023-1335

CVE-2023-1335 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. A missing capability check in the ucss_connect function (versions up to and including 1.7.1) allows authenticated subscribers to update plugin settings by connecting a new license key to the site. Impact is limited to ...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/10 7:20 p.m.9 views

CVE-2023-1338 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/10 7:20 p.m.23 views

CVE-2023-1338 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/10 7:20 p.m.6 views

CVE-2023-1337 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS6.6AI score0.01024EPSS
Exploits0References2
CVE
CVE
added 2023/03/10 7:20 p.m.49 views

CVE-2023-1337

The CVE-2023-1337 entry concerns RapidLoad Power-Up for Autoptimize (WordPress). The vulnerability is due to a missing capability check in the clear_uucss_logs function, allowing authenticated subscribers to delete plugin log files (unauthorized data loss). Affected versions are up to and includi...

4.3CVSS5.1AI score0.01024EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/10 7:20 p.m.33 views

CVE-2023-1337 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS4.6AI score0.01024EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/10 7:19 p.m.25 views

CVE-2023-1336 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
CVE
CVE
added 2023/03/10 7:19 p.m.53 views

CVE-2023-1336

CVE-2023-1336 concerns the RapidLoad Power-Up for Autoptimize WordPress plugin. The root cause is a missing capability check on the ajax_deactivate function in versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to update settings and disable caching....

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/03/10 7:19 p.m.59 views

CVE-2023-1339

The CVE-2023-1339 entry concerns WordPress RapidLoad Power-Up for Autoptimize plugin. A missing capability check in the uucss_update_rule function in versions up to and including 1.7.1 allows authenticated attackers with subscriber-level access to update caching rules, i.e., perform unauthorized ...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/10 7:19 p.m.31 views

CVE-2023-1339 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/10 7:2 p.m.32 views

CVE-2023-1333 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
CVE
CVE
added 2023/03/10 7:2 p.m.49 views

CVE-2023-1333

CVE-2023-1333 concerns the RapidLoad Power-Up for Autoptimize plugin (WordPress). The flaw is a missing capability check in the clear_page_cache function, allowing authenticated users with subscriber-level access to delete the plugin’s cache. Affected versions: RapidLoad Power-Up for Autoptimize ...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.6 views

PT-2023-16907 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the attach rule function. This allows...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.5 views

PT-2023-16903 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the queue posts function. This allows...

4.3CVSS5.2AI score0.00548EPSS
Exploits0References7
Rows per page
Query Builder