Power-up For Autoptimize Security Vulnerabilities and Issues — Power-up For Autoptimize CVE List

Lucene search

RapidloadPower-up For Autoptimize

15 matches found

CVE•added 2024/04/07 6:15 p.m.•51 views

CVE-2024-31288

Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11.

7.2CVSS7.2AI score0.00095EPSS

CVE•added 2023/03/10 8:15 p.m.•45 views

CVE-2023-1346

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the p...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•42 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugi...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•41 views

CVE-2023-1339

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to u...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•40 views

CVE-2023-1336

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to dis...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•39 views

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the sit...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•38 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modi...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•37 views

CVE-2023-1340

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugi...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•33 views

CVE-2023-1333

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•33 views

CVE-2023-1337

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete p...

4.3CVSS5.1AI score0.01367EPSS

CVE•added 2023/03/10 8:15 p.m.•33 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•32 views

CVE-2023-1334

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modi...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•32 views

CVE-2023-1335

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS5.1AI score0.00083EPSS

CVE•added 2023/03/10 8:15 p.m.•28 views

CVE-2023-1341

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off cac...

4.3CVSS5.1AI score0.00063EPSS

CVE•added 2023/03/10 8:15 p.m.•24 views

CVE-2023-1343

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugi...

4.3CVSS5.1AI score0.00063EPSS