3 matches found
CVE-2023-1344
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1344
CVE-2023-1344 affects the RapidLoad Power-Up for Autoptimize (WordPress). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the uucss_update_rule (and related attach_rule) functionality, enabling unauthenticated attackers to modify the plugin cache by luring...
CVE-2023-1344 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule'
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...