2 matches found
CVE-2024-21751
CVE-2024-21751 concerns the WordPress plugin RabbitLoader up to version 2.19.13, where multiple AJAX actions lack proper authorization checks, allowing authenticated users with subscriber-level access and above to modify data (e.g., purge site cache or switch caching modes) without permission. Th...
CVE-2024-8800
CVE-2024-8800 describes a Reflected Cross-Site Scripting vulnerability in the RabbitLoader WordPress plugin up to version 2.21.0. The flaw stems from using add_query_arg without proper escaping, enabling unauthenticated attackers to craft links that inject scripts in pages executed by a user who ...