4 matches found
CVE-2023-1340
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...
WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software RapidLoad Power-Up for Autoptimize Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1340 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6be066de6870 Credits...
CVE-2023-1340
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...
CVE-2023-1340 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...