Lucene search
K

172 matches found

Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.7 views

PT-2023-15417 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin versions = 1.6.35 Description: The issue is related to an SQL Injection vulnerability in the RapidLoad Power-Up for Autoptimize plugin. This vulnerability can be exploited by authenticated subscribers...

8.5CVSS6.6AI score0.00635EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/03/17 3:15 p.m.2 views

CVE-2023-1472

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

6.3CVSS7.1AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 2023/03/17 3:15 p.m.6 views

CVE-2023-1472

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

6.3CVSS6.7AI score0.00209EPSS
Exploits0References2
Prion
Prion
added 2023/03/17 3:15 p.m.12 views

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

6.8CVSS6AI score0.00209EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/17 2:21 p.m.55 views

CVE-2023-1472

Summary (CVE-2023-1472) The RapidLoad Power-Up for Autoptimize WordPress plugin is vulnerable to Cross-Site Request Forgery in versions up to 1.7.1 due to missing or incorrect nonce validation on AJAX actions. This allows an unauthenticated attacker to trigger admin actions by deceiving a site ad...

6.3CVSS6.3AI score0.00209EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/17 2:21 p.m.9 views

CVE-2023-1472 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

6.3CVSS6.8AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.5 views

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

6.3CVSS6.9AI score0.00209EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.13 views

WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software RapidLoad Power-Up for Autoptimize Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1339 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 443f715a7f8d Credits Marco...

4.3CVSS6.5AI score0.00548EPSS
Exploits0References9Affected Software1
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.13 views

WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software RapidLoad Power-Up for Autoptimize Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1340 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6be066de6870 Credits...

4.3CVSS6.6AI score0.00307EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.2 views

CVE-2023-1346

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...

4.3CVSS6.6AI score0.00315EPSS
Exploits0References3
OSV
OSV
added 2023/03/10 8:15 p.m.6 views

CVE-2023-1346

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...

4.3CVSS6.5AI score0.00315EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.1 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.6AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.22 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS4.2AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2023/03/10 8:15 p.m.7 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS7.2AI score0.00307EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/10 8:15 p.m.3 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.6AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.24 views

CVE-2023-1346

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...

4.3CVSS4.2AI score0.00315EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 8:15 p.m.22 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS4.2AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2023/03/10 8:15 p.m.5 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.5AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2023/03/10 8:15 p.m.5 views

CVE-2023-1339

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucssupdaterule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
NVD
NVD
added 2023/03/10 8:15 p.m.23 views

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...

4.3CVSS4.2AI score0.00307EPSS
Exploits0References3
Rows per page
Query Builder