Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin
CVE-2023-1345

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: RapidLoad Power-Up for Autoptimize
Vendor: CVE Published:; 10 March 2023

What is CVE-2023-1345?

The RapidLoad Power-Up for Autoptimize plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the queue_posts function. This flaw allows unauthenticated attackers to manipulate the plugin's cache by tricking site administrators into executing actions via deceptive requests, potentially compromising the site’s integrity.

Affected Version(s)

RapidLoad Power-Up for Autoptimize * <= 1.7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2877726/unus...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2023
Vulnerability Reserved
Mar 10, 2023

Credit

Marco Wotschka

Wordpress

What is CVE-2023-1345?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit