CVE-2023-1337

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.

Related Vulnerabilities

CVE-2017-1000243

MEDIUM
CVSS:4.3(Medium)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CWE-8622017

CVE-2017-1000388

MEDIUM
CVSS:4.3(Medium)

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modif...

CWE-8622017

CVE-2017-1000390

MEDIUM
CVSS:4.3(Medium)

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

CWE-8622017

CVE-2017-1000400

MEDIUM
CVSS:4.3(Medium)

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current ...

CWE-8622017

CVE-2017-17693

MEDIUM
CVSS:4.3(Medium)

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CWE-8622017

CVE-2017-2662

MEDIUM
CVSS:4.3(Medium)

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respec...

CWE-8622017