Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autoptimize autoptimize vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24376
The Autoptimize WordPress plugin prior to 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which c...
Autoptimize Autoptimize
8.1
CVSSv3
CVE-2021-24377
The Autoptimize WordPress plugin prior to 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the m...
Autoptimize Autoptimize
7.2
CVSSv3
CVE-2020-24948
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
Autoptimize Autoptimize
6.5
CVSSv3
CVE-2022-47593
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions.
Rapidload Rapidload Power-up For Autoptimize
6.3
CVSSv3
CVE-2023-1472
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated malicious users to...
Rapidload Rapidload Power-up For Autoptimize
5.3
CVSSv3
CVE-2022-4057
The Autoptimize WordPress plugin prior to 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
Optimizingmatters Autooptimize
4.8
CVSSv3
CVE-2023-2113
The Autoptimize WordPress plugin prior to 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is di...
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2022-2635
The Autoptimize WordPress plugin prior to 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2021-24378
The Autoptimize WordPress plugin prior to 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside...
Autoptimize Autoptimize
4.8
CVSSv3
CVE-2021-24332
The Autoptimize WordPress plugin prior to 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues
Autoptimize Autoptimize
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »