exploitDog

CVE-2023-1337

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rapidload:power-up_for_autoptimize:*:*:*:*:*:wordpress:*:*

Версия до 1.7.1 (включая)

EPSS

Процентиль: 82%

0.01703

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-4v29-63c9-ww7w

CVSS3: 4.3

github

почти 3 года назад

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.

EPSS

Процентиль: 82%

0.01703

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862