Lucene search
K
RapidloadRapidload Power-up For Autoptimize

17 matches found

CVE
CVE
added 2023/03/10 7:7 p.m.68 views

CVE-2023-1346

CVE-2023-1346 affects the WordPress plugin RapidLoad Power-Up for Autoptimize (versions up to and including 1.7.1). The issue is a CSRF in the clear_page_cache function due to missing or incorrect nonce validation, allowing unauthenticated attackers to clear the plugin cache if a site admin is tr...

4.3CVSS5.1AI score0.00315EPSS
CVE
CVE
added 2023/03/10 7:7 p.m.67 views

CVE-2023-1345

CVE-2023-1345 describes a CSRF vulnerability in the RapidLoad Power-Up for Autoptimize WordPress plugin up to version 1.7.1, caused by missing/incorrect nonce validation in the queue_posts function. This allows unauthenticated attackers to forge requests and modify the plugin cache if a site admi...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/03/10 7:19 p.m.60 views

CVE-2023-1339

The CVE-2023-1339 entry concerns WordPress RapidLoad Power-Up for Autoptimize plugin. A missing capability check in the uucss_update_rule function in versions up to and including 1.7.1 allows authenticated attackers with subscriber-level access to update caching rules, i.e., perform unauthorized ...

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2023/03/10 7:6 p.m.58 views

CVE-2023-1342

CVE-2023-1342 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability is a Cross‑Site Request Forgery (CSRF) in the ucss_connect function caused by missing/incorrect nonce validation. This can allow unauthenticated attackers to instruct a site to connect to a new licen...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/03/10 7:19 p.m.56 views

CVE-2023-1336

CVE-2023-1336 concerns the RapidLoad Power-Up for Autoptimize WordPress plugin. The root cause is a missing capability check on the ajax_deactivate function in versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to update settings and disable caching....

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2025/02/01 3:21 a.m.56 views

CVE-2024-13651

CVE-2024-13651 affects the RapidLoad – Optimize Web Vitals Automatically WordPress plugin (versions up to 2.4.4). The underlying issue is a missing capability check in ajax_deactivate(), enabling authenticated users with Subscriber+ privileges to modify plugin settings. Public details from multip...

4.3CVSS4.4AI score0.00281EPSS
CVE
CVE
added 2023/03/17 2:21 p.m.55 views

CVE-2023-1472

Summary (CVE-2023-1472) The RapidLoad Power-Up for Autoptimize WordPress plugin is vulnerable to Cross-Site Request Forgery in versions up to 1.7.1 due to missing or incorrect nonce validation on AJAX actions. This allows an unauthenticated attacker to trigger admin actions by deceiving a site ad...

6.3CVSS6.3AI score0.00209EPSS
CVE
CVE
added 2023/03/10 7:2 p.m.52 views

CVE-2023-1333

CVE-2023-1333 concerns the RapidLoad Power-Up for Autoptimize plugin (WordPress). The flaw is a missing capability check in the clear_page_cache function, allowing authenticated users with subscriber-level access to delete the plugin’s cache. Affected versions: RapidLoad Power-Up for Autoptimize ...

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2023/03/10 7:20 p.m.52 views

CVE-2023-1338

CVE-2023-1338 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability arises from a missing capability check in the attach_rule function, allowing authenticated users with subscriber-level access to modify cache rules. Affected versions are up to and including 1.7.1. T...

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2023/03/10 7:20 p.m.51 views

CVE-2023-1337

The CVE-2023-1337 entry concerns RapidLoad Power-Up for Autoptimize (WordPress). The vulnerability is due to a missing capability check in the clear_uucss_logs function, allowing authenticated subscribers to delete plugin log files (unauthorized data loss). Affected versions are up to and includi...

4.3CVSS5.1AI score0.01024EPSS
CVE
CVE
added 2023/03/10 7:5 p.m.49 views

CVE-2023-1340

CVE-2023-1340 refers to the RapidLoad Power-Up for Autoptimize WordPress plugin, affected versions up to and including 1.7.1. The root cause is missing or incorrect nonce validation in the clear_uucss_logs function, enabling CSRF where an unauthenticated attacker could trick a site administrator ...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/03/10 7:7 p.m.47 views

CVE-2023-1344

CVE-2023-1344 affects the RapidLoad Power-Up for Autoptimize (WordPress). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the uucss_update_rule (and related attach_rule) functionality, enabling unauthenticated attackers to modify the plugin cache by luring...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/03/10 7:2 p.m.46 views

CVE-2023-1334

The CVE-2023-1334 entry relates to RapidLoad Power-Up for Autoptimize (WordPress plugin). Multiple connected sources confirm a vulnerability in versions up to 1.7.1 where a missing capability check on the queue_posts function allows authenticated users with subscriber-level access to modify the p...

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2023/03/10 7:20 p.m.46 views

CVE-2023-1335

CVE-2023-1335 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. A missing capability check in the ucss_connect function (versions up to and including 1.7.1) allows authenticated subscribers to update plugin settings by connecting a new license key to the site. Impact is limited to ...

4.3CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2023/03/10 7:5 p.m.45 views

CVE-2023-1341

CVE-2023-1341 affects the RapidLoad Power-Up for Autoptimize (WordPress). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_deactivate function, allowing unauthenticated attackers to turn off caching by luring an admin to perform an action. Affecte...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/03/10 7:6 p.m.41 views

CVE-2023-1343

CVE-2023-1343 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the attach_rule function, allowing unauthenticated attackers to modify the plugin cache if a site administrator is tricked into ...

4.3CVSS5.1AI score0.00307EPSS
CVE
CVE
added 2023/06/22 12:45 p.m.40 views

CVE-2022-47593

CVE-2022-47593 affects WordPress RapidLoad Power-Up for Autoptimize plugin, versions ≤ 1.6.35. The vulnerability is an SQL Injection exploitable by authenticated subscribers. Patchstack and other sources state the fix is in version 1.6.36 or later. Practical impact: unauthorized access to data vi...

8.5CVSS7.8AI score0.00635EPSS