exploitDog

CVE-2024-13651

Опубликовано: 01 фев. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rapidload:rapidload_power-up_for_autoptimize:*:*:*:*:*:wordpress:*:*

Версия до 2.4.5 (исключая)

EPSS

Процентиль: 28%

0.00102

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-j8ph-6cv6-w3vq

CVSS3: 4.3

github

около 1 года назад

The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.

EPSS

Процентиль: 28%

0.00102

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862