Search criteria
28 vulnerabilities found for power-up_for_autoptimize by rapidload
CVE-2023-1346 (GCVE-0-2023-1346)
Vulnerability from nvd – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:40.771926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:05.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:39.988Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1346",
"datePublished": "2023-03-10T19:07:39.988Z",
"dateReserved": "2023-03-10T18:50:16.861Z",
"dateUpdated": "2025-01-13T16:59:05.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1345 (GCVE-0-2023-1345)
Vulnerability from nvd – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:44.073574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:15.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:23.931Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1345",
"datePublished": "2023-03-10T19:07:23.931Z",
"dateReserved": "2023-03-10T18:50:10.054Z",
"dateUpdated": "2025-01-13T16:59:15.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1344 (GCVE-0-2023-1344)
Vulnerability from nvd – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:47.779133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:24.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:04.653Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1344",
"datePublished": "2023-03-10T19:07:04.653Z",
"dateReserved": "2023-03-10T18:50:02.744Z",
"dateUpdated": "2025-01-13T16:59:24.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1343 (GCVE-0-2023-1343)
Vulnerability from nvd – Published: 2023-03-10 19:06 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:50.630704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:34.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:06:46.944Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1343",
"datePublished": "2023-03-10T19:06:46.944Z",
"dateReserved": "2023-03-10T18:49:56.180Z",
"dateUpdated": "2025-01-13T16:59:34.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1342 (GCVE-0-2023-1342)
Vulnerability from nvd – Published: 2023-03-10 19:06 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:53.783881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:45.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:06:29.768Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1342",
"datePublished": "2023-03-10T19:06:29.768Z",
"dateReserved": "2023-03-10T18:49:48.223Z",
"dateUpdated": "2025-01-13T16:59:45.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1341 (GCVE-0-2023-1341)
Vulnerability from nvd – Published: 2023-03-10 19:05 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:58.329703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:54.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:05:49.813Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1341",
"datePublished": "2023-03-10T19:05:49.813Z",
"dateReserved": "2023-03-10T18:49:40.150Z",
"dateUpdated": "2025-01-13T16:59:54.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1340 (GCVE-0-2023-1340)
Vulnerability from nvd – Published: 2023-03-10 19:05 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:01.380168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:05.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:05:24.140Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1340",
"datePublished": "2023-03-10T19:05:24.140Z",
"dateReserved": "2023-03-10T18:49:25.611Z",
"dateUpdated": "2025-01-13T17:00:05.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1339 (GCVE-0-2023-1339)
Vulnerability from nvd – Published: 2023-03-10 19:19 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:37.955765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:54.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:19:45.912Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1339",
"datePublished": "2023-03-10T19:19:45.912Z",
"dateReserved": "2023-03-10T18:34:03.831Z",
"dateUpdated": "2025-01-13T16:58:54.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1338 (GCVE-0-2023-1338)
Vulnerability from nvd – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:21.957835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:23.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:19.833Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1338",
"datePublished": "2023-03-10T19:20:19.833Z",
"dateReserved": "2023-03-10T18:33:24.935Z",
"dateUpdated": "2025-01-13T16:58:23.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1337 (GCVE-0-2023-1337)
Vulnerability from nvd – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:27.927799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:33.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:09.857Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1337",
"datePublished": "2023-03-10T19:20:09.857Z",
"dateReserved": "2023-03-10T18:33:09.782Z",
"dateUpdated": "2025-01-13T16:58:33.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1336 (GCVE-0-2023-1336)
Vulnerability from nvd – Published: 2023-03-10 19:19 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:34.439005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:42.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:19:57.489Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1336",
"datePublished": "2023-03-10T19:19:57.489Z",
"dateReserved": "2023-03-10T18:32:52.551Z",
"dateUpdated": "2025-01-13T16:58:42.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1335 (GCVE-0-2023-1335)
Vulnerability from nvd – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:19.193552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:15.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:36.009Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1335",
"datePublished": "2023-03-10T19:20:36.009Z",
"dateReserved": "2023-03-10T18:32:08.650Z",
"dateUpdated": "2025-01-13T16:58:15.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1334 (GCVE-0-2023-1334)
Vulnerability from nvd – Published: 2023-03-10 19:02 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:05.402520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:21.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin\u0027s cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:02:28.268Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1334",
"datePublished": "2023-03-10T19:02:28.268Z",
"dateReserved": "2023-03-10T18:31:39.753Z",
"dateUpdated": "2025-01-13T17:00:21.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1333 (GCVE-0-2023-1333)
Vulnerability from nvd – Published: 2023-03-10 19:02 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:08.151177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:29.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin\u0027s cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:02:13.023Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-13T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1333",
"datePublished": "2023-03-10T19:02:13.023Z",
"dateReserved": "2023-03-10T18:25:30.033Z",
"dateUpdated": "2025-01-13T17:00:29.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1335 (GCVE-0-2023-1335)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:19.193552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:15.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:36.009Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1335",
"datePublished": "2023-03-10T19:20:36.009Z",
"dateReserved": "2023-03-10T18:32:08.650Z",
"dateUpdated": "2025-01-13T16:58:15.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1338 (GCVE-0-2023-1338)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:21.957835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:23.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:19.833Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1338",
"datePublished": "2023-03-10T19:20:19.833Z",
"dateReserved": "2023-03-10T18:33:24.935Z",
"dateUpdated": "2025-01-13T16:58:23.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1337 (GCVE-0-2023-1337)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:20 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:27.927799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:33.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:20:09.857Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1337",
"datePublished": "2023-03-10T19:20:09.857Z",
"dateReserved": "2023-03-10T18:33:09.782Z",
"dateUpdated": "2025-01-13T16:58:33.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1336 (GCVE-0-2023-1336)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:19 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:34.439005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:42.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:19:57.489Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1336",
"datePublished": "2023-03-10T19:19:57.489Z",
"dateReserved": "2023-03-10T18:32:52.551Z",
"dateUpdated": "2025-01-13T16:58:42.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1339 (GCVE-0-2023-1339)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:19 – Updated: 2025-01-13 16:58
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:37.955765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:58:54.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:19:45.912Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1339",
"datePublished": "2023-03-10T19:19:45.912Z",
"dateReserved": "2023-03-10T18:34:03.831Z",
"dateUpdated": "2025-01-13T16:58:54.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1346 (GCVE-0-2023-1346)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:40.771926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:05.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:39.988Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1346",
"datePublished": "2023-03-10T19:07:39.988Z",
"dateReserved": "2023-03-10T18:50:16.861Z",
"dateUpdated": "2025-01-13T16:59:05.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1345 (GCVE-0-2023-1345)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:44.073574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:15.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:23.931Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1345",
"datePublished": "2023-03-10T19:07:23.931Z",
"dateReserved": "2023-03-10T18:50:10.054Z",
"dateUpdated": "2025-01-13T16:59:15.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1344 (GCVE-0-2023-1344)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:07 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:47.779133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:24.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:07:04.653Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1344",
"datePublished": "2023-03-10T19:07:04.653Z",
"dateReserved": "2023-03-10T18:50:02.744Z",
"dateUpdated": "2025-01-13T16:59:24.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1343 (GCVE-0-2023-1343)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:06 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:50.630704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:34.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:06:46.944Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1343",
"datePublished": "2023-03-10T19:06:46.944Z",
"dateReserved": "2023-03-10T18:49:56.180Z",
"dateUpdated": "2025-01-13T16:59:34.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1342 (GCVE-0-2023-1342)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:06 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:53.783881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:45.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:06:29.768Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1342",
"datePublished": "2023-03-10T19:06:29.768Z",
"dateReserved": "2023-03-10T18:49:48.223Z",
"dateUpdated": "2025-01-13T16:59:45.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1341 (GCVE-0-2023-1341)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:05 – Updated: 2025-01-13 16:59
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:24:58.329703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:59:54.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:05:49.813Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1341",
"datePublished": "2023-03-10T19:05:49.813Z",
"dateReserved": "2023-03-10T18:49:40.150Z",
"dateUpdated": "2025-01-13T16:59:54.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1340 (GCVE-0-2023-1340)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:05 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:01.380168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:05.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:05:24.140Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1340",
"datePublished": "2023-03-10T19:05:24.140Z",
"dateReserved": "2023-03-10T18:49:25.611Z",
"dateUpdated": "2025-01-13T17:00:05.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1334 (GCVE-0-2023-1334)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:02 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:05.402520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:21.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin\u0027s cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:02:28.268Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1334",
"datePublished": "2023-03-10T19:02:28.268Z",
"dateReserved": "2023-03-10T18:31:39.753Z",
"dateUpdated": "2025-01-13T17:00:21.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1333 (GCVE-0-2023-1333)
Vulnerability from cvelistv5 – Published: 2023-03-10 19:02 – Updated: 2025-01-13 17:00
VLAI?
Summary
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shakee93 | RapidLoad Power-Up for Autoptimize |
Affected:
* , ≤ 1.7.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:25:08.151177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:00:29.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RapidLoad Power-Up for Autoptimize",
"vendor": "shakee93",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin\u0027s cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T19:02:13.023Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1\u0026old=2847136\u0026old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-13T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-03-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1333",
"datePublished": "2023-03-10T19:02:13.023Z",
"dateReserved": "2023-03-10T18:25:30.033Z",
"dateUpdated": "2025-01-13T17:00:29.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}