cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1472,https://securityvulnerability.io/vulnerability/CVE-2023-1472,Cross-Site Request Forgery in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress contains a vulnerability that exposes the plugin to Cross-Site Request Forgery (CSRF). This weakness arises from inadequate or incorrect nonce validation when handling AJAX requests. As a result, unauthenticated attackers can exploit this flaw to execute a range of functions by tricking an authorized admin into clicking on a malicious link. These functions may include resetting the API key, accessing or deleting log files, and compromise cache management, posing a significant security risk for affected sites.",Wordpress,RapidLoad Power-Up for Autoptimize,6.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-03-17T15:15:00.000Z,0
CVE-2023-1334,https://securityvulnerability.io/vulnerability/CVE-2023-1334,Unauthorized Cache Modification in RapidLoad Power-Up for Autoptimize Plugin for WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress suffers from a vulnerability that enables unauthorized cache alterations due to a lack of a capability check in the queue_posts function. This flaw allows authenticated users with only subscriber-level access to manipulate the plugin's cache, potentially leading to unauthorized changes in site content and performance.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1335,https://securityvulnerability.io/vulnerability/CVE-2023-1335,Unauthorized Plugin Settings Update in RapidLoad Power-Up for Autoptimize by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress has a security flaw that allows unauthorized users to update plugin settings because of a missing capability check in the ucss_connect function. This vulnerability affects version 1.7.1 and earlier, enabling attackers with at least subscriber-level access to connect a new license key to the site, potentially leading to unauthorized changes and access.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1336,https://securityvulnerability.io/vulnerability/CVE-2023-1336,Unauthorized Access in RapidLoad Power-Up for Autoptimize Plugin for WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress contains a security flaw allowing authenticated attackers with subscriber-level access to perform an unauthorized settings update. This occurs due to a missing capability check in the ajax_deactivate function, which can lead to disabling the caching functionality of the plugin. As a result, websites utilizing this plugin may experience performance degradation and increased load times if the vulnerability is exploited.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1337,https://securityvulnerability.io/vulnerability/CVE-2023-1337,Unauthorized Data Loss Vulnerability in RapidLoad Power-Up for Autoptimize Plugin,"The RapidLoad Power-Up for Autoptimize plugin for WordPress is affected by a vulnerability that allows authenticated attackers with subscriber-level access to perform unauthorized actions. Specifically, there is a missing capability check on the clear_uucss_logs function, which can lead to the deletion of critical plugin log files. This presents a significant risk of data loss for users relying on the plugin for performance optimization.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,true,true,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1338,https://securityvulnerability.io/vulnerability/CVE-2023-1338,Unauthorized Cache Modification in Autoptimize Plugin for WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress suffers from a vulnerability that enables unauthorized cache modification. This issue arises from a missing capability check in the attach_rule function, affecting versions up to and including 1.7.1. Authenticated users with subscriber-level access can exploit this flaw to alter cache rules, potentially compromising website functionality and security.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1339,https://securityvulnerability.io/vulnerability/CVE-2023-1339,Unauthorized Settings Update in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress has a vulnerability that allows authenticated attackers with subscriber-level access to update caching rules through the uucss_update_rule function. This occurs due to a missing capability check in versions up to and including 1.7.1, potentially leading to unauthorized modifications that can affect site performance.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1333,https://securityvulnerability.io/vulnerability/CVE-2023-1333,Unauthorized Data Loss in Autoptimize Plugin for WordPress,"The RapidLoad Power-Up for the Autoptimize plugin for WordPress is susceptible to unauthorized data deletion due to a lack of capability checks in the clear_page_cache function. This vulnerability affects versions up to and including 1.7.1, allowing authenticated attackers with subscriber-level access to delete the plugin's cache, potentially impacting site performance and user experience.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1341,https://securityvulnerability.io/vulnerability/CVE-2023-1341,Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress is susceptible to a Cross-Site Request Forgery, allowing unauthenticated attackers to disable caching. This vulnerability arises from inadequate nonce validation in the ajax_deactivate function, which could enable attackers to deceive site administrators into executing harmful actions by merely clicking a manipulated link.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1342,https://securityvulnerability.io/vulnerability/CVE-2023-1342,Cross-Site Request Forgery in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in its ucss_connect function. This vulnerability enables unauthenticated attackers to take advantage of unsuspecting site administrators by tricking them into executing actions, such as clicking a malicious link, thereby allowing attackers to connect the site to a new license key without authorization.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1343,https://securityvulnerability.io/vulnerability/CVE-2023-1343,Cross-Site Request Forgery in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the attach_rule function. This vulnerability allows unauthenticated attackers to manipulate the plugin's cache if they can trick a legitimate administrator into executing an action, such as clicking a malicious link. This lack of proper validation can lead to unauthorized actions being performed on behalf of the user, potentially compromising site integrity and functionality.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1344,https://securityvulnerability.io/vulnerability/CVE-2023-1344,Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress contains a security flaw due to inadequate nonce validation in the uucss_update_rule function. This vulnerability allows unauthorized attackers to exploit the plugin's cache manipulation capabilities. By deceiving a site administrator into executing a crafted action, such as clicking an illegitimate link, attackers can potentially compromise site integrity and alter caching behaviors without necessary authorization.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1345,https://securityvulnerability.io/vulnerability/CVE-2023-1345,Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin,"The RapidLoad Power-Up for Autoptimize plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the queue_posts function. This flaw allows unauthenticated attackers to manipulate the plugin's cache by tricking site administrators into executing actions via deceptive requests, potentially compromising the site’s integrity.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1346,https://securityvulnerability.io/vulnerability/CVE-2023-1346,Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress suffers from a vulnerability that allows unauthenticated attackers to exploit missing or improperly configured nonce validation in its clear_page_cache function. This flaw can enable attackers to clear the plugin's cache by tricking a site administrator into clicking on a malicious link. The vulnerability affects all versions up to and including 1.7.1, potentially compromising the integrity of the website's caching system.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0
CVE-2023-1340,https://securityvulnerability.io/vulnerability/CVE-2023-1340,Cross-Site Request Forgery in RapidLoad Power-Up for Autoptimize by WordPress,"The RapidLoad Power-Up for Autoptimize plugin for WordPress suffers from a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the clear_uucss_logs function. This flaw allows unauthenticated attackers to clear plugin logs by tricking a legitimate site administrator into executing a request, potentially compromising important logging information.",Wordpress,RapidLoad Power-Up for Autoptimize,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-03-10T20:15:00.000Z,0