Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 2:32 a.m.6 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References1
osv
osv
added 2023/03/10 8:15 p.m.4 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/03/10 12:0 a.m.7 views

PT-2023-16907 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the attach rule function. This allows...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References7
hackerone
hackerone
added 2022/09/12 5:16 p.m.35 views

Expedia Group Bug Bounty: Cache Deception Allows Account Takeover

A vulnerability allowed an attacker to extract a user's session token from a cacheable page, leading to account takeover. The session token was reflected in the response of a cacheable URL, and the server responded with a 200 OK. The caching server saw the response as cacheable due to the file...

6.9AI score
Exploits0
Rows per page
Query Builder