17 matches found
CVE-2023-1346
CVE-2023-1346 affects the WordPress plugin RapidLoad Power-Up for Autoptimize (versions up to and including 1.7.1). The issue is a CSRF in the clear_page_cache function due to missing or incorrect nonce validation, allowing unauthenticated attackers to clear the plugin cache if a site admin is tr...
CVE-2023-1345
CVE-2023-1345 describes a CSRF vulnerability in the RapidLoad Power-Up for Autoptimize WordPress plugin up to version 1.7.1, caused by missing/incorrect nonce validation in the queue_posts function. This allows unauthenticated attackers to forge requests and modify the plugin cache if a site admi...
CVE-2023-1339
The CVE-2023-1339 entry concerns WordPress RapidLoad Power-Up for Autoptimize plugin. A missing capability check in the uucss_update_rule function in versions up to and including 1.7.1 allows authenticated attackers with subscriber-level access to update caching rules, i.e., perform unauthorized ...
CVE-2023-1342
CVE-2023-1342 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability is a Cross‑Site Request Forgery (CSRF) in the ucss_connect function caused by missing/incorrect nonce validation. This can allow unauthenticated attackers to instruct a site to connect to a new licen...
CVE-2023-1336
CVE-2023-1336 concerns the RapidLoad Power-Up for Autoptimize WordPress plugin. The root cause is a missing capability check on the ajax_deactivate function in versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to update settings and disable caching....
CVE-2024-13651
CVE-2024-13651 affects the RapidLoad – Optimize Web Vitals Automatically WordPress plugin (versions up to 2.4.4). The underlying issue is a missing capability check in ajax_deactivate(), enabling authenticated users with Subscriber+ privileges to modify plugin settings. Public details from multip...
CVE-2023-1472
Summary (CVE-2023-1472) The RapidLoad Power-Up for Autoptimize WordPress plugin is vulnerable to Cross-Site Request Forgery in versions up to 1.7.1 due to missing or incorrect nonce validation on AJAX actions. This allows an unauthenticated attacker to trigger admin actions by deceiving a site ad...
CVE-2023-1333
CVE-2023-1333 concerns the RapidLoad Power-Up for Autoptimize plugin (WordPress). The flaw is a missing capability check in the clear_page_cache function, allowing authenticated users with subscriber-level access to delete the plugin’s cache. Affected versions: RapidLoad Power-Up for Autoptimize ...
CVE-2023-1338
CVE-2023-1338 concerns the WordPress plugin RapidLoad Power-Up for Autoptimize. The vulnerability arises from a missing capability check in the attach_rule function, allowing authenticated users with subscriber-level access to modify cache rules. Affected versions are up to and including 1.7.1. T...
CVE-2023-1337
The CVE-2023-1337 entry concerns RapidLoad Power-Up for Autoptimize (WordPress). The vulnerability is due to a missing capability check in the clear_uucss_logs function, allowing authenticated subscribers to delete plugin log files (unauthorized data loss). Affected versions are up to and includi...
CVE-2023-1340
CVE-2023-1340 refers to the RapidLoad Power-Up for Autoptimize WordPress plugin, affected versions up to and including 1.7.1. The root cause is missing or incorrect nonce validation in the clear_uucss_logs function, enabling CSRF where an unauthenticated attacker could trick a site administrator ...
CVE-2023-1344
CVE-2023-1344 affects the RapidLoad Power-Up for Autoptimize (WordPress). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the uucss_update_rule (and related attach_rule) functionality, enabling unauthenticated attackers to modify the plugin cache by luring...
CVE-2023-1334
The CVE-2023-1334 entry relates to RapidLoad Power-Up for Autoptimize (WordPress plugin). Multiple connected sources confirm a vulnerability in versions up to 1.7.1 where a missing capability check on the queue_posts function allows authenticated users with subscriber-level access to modify the p...
CVE-2023-1335
CVE-2023-1335 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. A missing capability check in the ucss_connect function (versions up to and including 1.7.1) allows authenticated subscribers to update plugin settings by connecting a new license key to the site. Impact is limited to ...
CVE-2023-1341
CVE-2023-1341 affects the RapidLoad Power-Up for Autoptimize (WordPress). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_deactivate function, allowing unauthenticated attackers to turn off caching by luring an admin to perform an action. Affecte...
CVE-2023-1343
CVE-2023-1343 affects the RapidLoad Power-Up for Autoptimize WordPress plugin. The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the attach_rule function, allowing unauthenticated attackers to modify the plugin cache if a site administrator is tricked into ...
CVE-2022-47593
CVE-2022-47593 affects WordPress RapidLoad Power-Up for Autoptimize plugin, versions ≤ 1.6.35. The vulnerability is an SQL Injection exploitable by authenticated subscribers. Patchstack and other sources state the fix is in version 1.6.36 or later. Practical impact: unauthorized access to data vi...