WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.6.35 is vulnerable to SQL Injection
CVE-2022-47593

8.5HIGH

Key Information:

Vendor: WordPress
Status: Rapidload Power-up For Autoptimize
Vendor: CVE Published:; 22 June 2023

Summary

The RapidLoad Power-Up for Autoptimize plugin contains an authenticated SQL Injection vulnerability that can be exploited by users with subscriber-level access or higher. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and disclosure. It affects all versions up to 1.6.35, necessitating immediate attention for users of the plugin to mitigate possible exploitation.

Affected Version(s)

RapidLoad Power-Up for Autoptimize <= 1.6.35

References

https://patchstack.com/database/vulnerability/unusedcss/w...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Dec 20, 2022

Credit

Le Ngoc Anh (Patchstack Alliance)