Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:F95CB064-EEF1-4210-BDF3-93661CA36F9C
HistoryMar 10, 2023 - 12:00 a.m.

RapidLoad Power-Up for Autoptimize < 1.7.2 - Unauthorised AJAX Calls

2023-03-1000:00:00
wpscan.com
7
plugin
authorisation
csrf
ajax
logs
subscriber
attacks

0.001 Low

EPSS

Percentile

32.2%

JSON

The plugin does not have authorisation and CSRF checks in various AJAX actions (such as deleting logs files etc), allowing them to be called by any authenticated users, such a subscriber or via CSRF attacks

CPENameOperatorVersion
unusedcsslt1.7.2

Related

wpvulndb 1
wordfence 2
nvd 15
cve 15
prion 15
cvelist 15
githubexploit 1
wpvulndb
wpvulndb
RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls
2023-03-10 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023)
2023-03-16 13:53:38
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)
2023-03-23 13:52:54
nvd
nvd
CVE-2023-1346
2023-03-10 20:15:11
CVE-2023-1340
2023-03-10 20:15:10
CVE-2023-1338
2023-03-10 20:15:10
cve
cve
CVE-2023-1340
2023-03-10 20:15:10
CVE-2023-1338
2023-03-10 20:15:10
CVE-2023-1346
2023-03-10 20:15:11
prion
prion
Cross site request forgery (csrf)
2023-03-10 20:15:00
Cross site request forgery (csrf)
2023-03-10 20:15:00
Design/Logic Flaw
2023-03-10 20:15:00
cvelist
cvelist
CVE-2023-1339
2023-03-10 19:19:45
CVE-2023-1338
2023-03-10 19:20:19
CVE-2023-1340
2023-03-10 19:05:24
githubexploit
githubexploit
Exploit for Missing Authorization in Rapidload Power-Up For Autoptimize
2023-12-19 13:01:43

0.001 Low

EPSS

Percentile

32.2%

JSON
Related for WPVDB-ID:F95CB064-EEF1-4210-BDF3-93661CA36F9C
wpvulndb1wordfence2nvd15cve15prion15cvelist15githubexploit1