Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1346 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1345 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1344 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1343 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1342 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1341 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1340 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1339 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. | |||||
CVE-2023-1338 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. | |||||
CVE-2023-1336 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. | |||||
CVE-2023-1337 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. | |||||
CVE-2023-1335 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. | |||||
CVE-2023-1333 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. | |||||
CVE-2023-1334 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. |