Skip to main content

Rapidload Power Up For Autoptimize CVE-2024-13651

MEDIUM
Missing Authorization (CWE-862)
2025-02-01 security@wordfence.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:06 vuln.today
Patch released
Mar 28, 2026 - 18:06 nvd
Patch available
CVE Published
Feb 01, 2025 - 04:15 nvd
MEDIUM 4.3

DescriptionCVE.org

The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.

AnalysisAI

The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings. Affected products include: Rapidload Rapidload Power-Up For Autoptimize.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2022-47593 HIGH
8.5 Jun 22

Auth. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch

CVE-2023-1472 MEDIUM
6.3 Mar 17

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t

CVE-2023-1337 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing cap

CVE-2023-1339 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missi

CVE-2023-1338 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a mi

CVE-2023-1336 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missi

CVE-2023-1335 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to

CVE-2023-1334 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a mi

CVE-2023-1333 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing

CVE-2023-1346 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t

CVE-2023-1345 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t

CVE-2023-1344 MEDIUM
4.3 Mar 10

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t

Share

CVE-2024-13651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy