CVE-2024-11840 Information

Description

The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data update_rapidload_settings wp_ajax_update_htaccess_file uucss_update_rule upload_rules get_all_rules update_titan_settings preload_page and activate_module functions in all versions up to and including 2.4.2. This makes it possible for authenticated attackers with Subscriber-level access and above to modify plugin settings or conduct SQL injection attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Reference

https://plugins.trac.wordpress.org/changeset/3202982/unusedcss https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8ff4ec-9b40-4d59-b3b0-382f91042a4a?source=cve

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

NONE

Base Severity

7.1