Lucene search
K

172 matches found

ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.1 views

CVE-2023-1337

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS6.6AI score0.01024EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.2 views

CVE-2023-1341

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajaxdeactivate function. This makes it possible for unauthenticated attackers to turn off...

4.3CVSS6.6AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2023/03/10 8:15 p.m.4 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.1 views

CVE-2023-1336

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.28 views

CVE-2023-1334

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queueposts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.2AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.18 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.2AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.22 views

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...

4.3CVSS4.2AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2023/03/10 8:15 p.m.5 views

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...

4.3CVSS6.5AI score0.00307EPSS
Exploits0References2
Prion
Prion
added 2023/03/10 8:15 p.m.20 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4CVSS4.3AI score0.01024EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.26 views

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajaxdeactivate function. This makes it possible for unauthenticated attackers to turn off...

4.3CVSS4.3AI score0.00307EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.13 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.17 views

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...

4.3CVSS4.3AI score0.00307EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.27 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queueposts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.14 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.24 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/10 8:15 p.m.20 views

Design/Logic Flaw

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4CVSS4.3AI score0.00548EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/10 7:20 p.m.46 views

CVE-2023-1335

CVE-2023-1335 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. A missing capability check in the ucss_connect function (versions up to and including 1.7.1) allows authenticated subscribers to update plugin settings by connecting a new license key to the site. Impact is limited to ...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/10 7:20 p.m.10 views

CVE-2023-1338 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
CVE
CVE
added 2023/03/10 7:20 p.m.52 views

CVE-2023-1338

CVE-2023-1338 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability arises from a missing capability check in the attach_rule function, allowing authenticated users with subscriber-level access to modify cache rules. Affected versions are up to and including 1.7.1. T...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/10 7:20 p.m.24 views

CVE-2023-1338 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS4.6AI score0.00548EPSS
Exploits0References2
Rows per page
Query Builder