wpvulndb WPVDB-ID: 61001DB3-6183-43B3-976C-06C2D7991683
History: Mar 10, 2023 - 12:00 a.m.

RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls

Published: 2023-03-10 00:00:00
Source: wpscan.com
Tags: rapidload power-up, autoptimize, unauthorized ajax calls, csrf checks, subscriber, cache modification

EPSS: 0.001 (Low), percentile 32.2%

The plugin does not have authorisation and CSRF checks in multiple AJAX actions, which could allow users with a role as low as subscriber (or an attacker making any authenticated user open a malicious page) to call them and modify the plugin's cache, add a new license, delete log files, update cache rules, etc.
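The root cause described above is a common WordPress pattern: an action registered on the `wp_ajax_` hook is reachable by every logged-in user regardless of role, so the handler itself must verify a nonce (against CSRF) and a capability (against low-privilege users). The snippet below is an added illustration, not RapidLoad's code; the plugin prefix `myplugin`, the action name `myplugin_clear_cache` and the helper `myplugin_purge_cache_dir()` are hypothetical.

```php
<?php
// Added illustration; "myplugin" and its action/helper names are hypothetical.

// BEFORE (vulnerable pattern): registered on wp_ajax_*, which fires for ANY
// logged-in user (subscriber and up), and with no nonce or capability check a
// page the victim merely opens can also trigger it (CSRF). Shown for contrast
// only; it is not hooked below.
function myplugin_clear_cache_unsafe() {
    myplugin_purge_cache_dir();          // privileged side effect, no gate
    wp_send_json_success( 'cache cleared' );
}

// AFTER (hardened pattern): verify the nonce first, then require a capability
// that matches the sensitivity of the action.
add_action( 'wp_ajax_myplugin_clear_cache', 'myplugin_clear_cache_safe' );
function myplugin_clear_cache_safe() {
    // Dies with HTTP 403 / -1 when the 'nonce' field is missing or invalid,
    // so a cross-site request carrying the victim's cookies alone fails here.
    check_ajax_referer( 'myplugin_clear_cache', 'nonce' );

    // A subscriber has no manage_options capability and is rejected here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    myplugin_purge_cache_dir();
    wp_send_json_success( 'cache cleared' );
}

// The nonce is minted server-side and handed only to the plugin's own admin
// script, so a valid request must have originated from that UI.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'myplugin-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin-admin', 'mypluginAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'myplugin_clear_cache' ),
    ) );
} );

function myplugin_purge_cache_dir() {
    // Hypothetical placeholder for the actual cache purge.
}
```

When auditing a plugin for this class of bug, grep for every `add_action( 'wp_ajax_` and `wp_ajax_nopriv_` registration and confirm the callback reaches a `check_ajax_referer()` (or `wp_verify_nonce()`) and a `current_user_can()` check before any state-changing call; a nonce alone does not stop a subscriber who can load the page that issues it, and a capability check alone does not stop CSRF against an administrator.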

CPE  Name       Operator  Version
     unusedcss  lt        1.7.2

