Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autoptimize autoptimize vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-24332
The Autoptimize WordPress plugin prior to 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues
Autoptimize Autoptimize
9.8
CVSSv3
CVE-2021-24376
The Autoptimize WordPress plugin prior to 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which c...
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2023-2113
The Autoptimize WordPress plugin prior to 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is di...
Autoptimize Autoptimize
7.2
CVSSv3
CVE-2020-24948
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2022-2635
The Autoptimize WordPress plugin prior to 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Autoptimize Autoptimize
8.1
CVSSv3
CVE-2021-24377
The Autoptimize WordPress plugin prior to 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the m...
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2021-24378
The Autoptimize WordPress plugin prior to 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside...
Autoptimize Autoptimize
4.3
CVSSv3
CVE-2023-1333
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-le...
Rapidload Power-up For Autoptimize
4.3
CVSSv3
CVE-2023-1334
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-l...
Rapidload Power-up For Autoptimize
4.3
CVSSv3
CVE-2023-1335
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscri...
Rapidload Power-up For Autoptimize
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »