Unauthorized Data Access and Modification Vulnerability in RapidLoad Web Vitals Automatically Plugin
CVE-2024-11840

7.1HIGH

Key Information:

Vendor

Wordpress
Status
Rapidload – Optimize Web Vitals Automatically
Vendor
CVE Published:
11 December 2024

What is CVE-2024-11840?

The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress presents a security risk due to a lack of capability checks on several critical functions such as uucss_data and update_rapidload_settings. This vulnerability affects all versions up to and including 2.4.2, enabling authenticated attackers with Subscriber-level access or higher to manipulate plugin settings and potentially execute SQL injection attacks. These security gaps could compromise the integrity and confidentiality of website data, highlighting the importance of timely updates and security assessments for users of the RapidLoad plugin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RapidLoad – Optimize Web Vitals Automatically * <= 2.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/3202982/unus...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio SΓ‘
JSON
.