Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autoptimize autoptimize vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2113
The Autoptimize WordPress plugin prior to 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is di...
Autoptimize Autoptimize
3.5
CVSSv2
CVE-2021-24332
The Autoptimize WordPress plugin prior to 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues
Autoptimize Autoptimize
6.8
CVSSv2
CVE-2021-24377
The Autoptimize WordPress plugin prior to 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the m...
Autoptimize Autoptimize
6.5
CVSSv2
CVE-2020-24948
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
Autoptimize Autoptimize
NA
CVE-2022-2635
The Autoptimize WordPress plugin prior to 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Autoptimize Autoptimize
3.5
CVSSv2
CVE-2021-24378
The Autoptimize WordPress plugin prior to 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside...
Autoptimize Autoptimize
7.5
CVSSv2
CVE-2021-24376
The Autoptimize WordPress plugin prior to 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which c...
Autoptimize Autoptimize
NA
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated malicious...
Rapidload Power-up For Autoptimize
NA
CVE-2023-1346
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated malic...
Rapidload Power-up For Autoptimize
NA
CVE-2023-1333
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-le...
Rapidload Power-up For Autoptimize
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »