Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Rapidload Subscribe
Filtered by product Power-up For Autoptimize
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1346 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1345 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1344 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1343 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1342 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1341 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1340 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1339 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.
CVE-2023-1338 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.
CVE-2023-1336 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.
CVE-2023-1337 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
CVE-2023-1335 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.
CVE-2023-1333 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
CVE-2023-1334 1 Rapidload 1 Power-up For Autoptimize 2023-03-14 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.