How serious is CVE-2023-1333?

This vulnerability has a CVSS score of 4.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2023-1333?

Yes, proof-of-concept exploit code for CVE-2023-1333 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2023-1333?

CVE-2023-1333 affects rapidload rapidload power-up for autoptimize. Check the full CVE details for specific version information.

How do I fix CVE-2023-1333?

To remediate CVE-2023-1333, check for security patches from rapidload. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2023-1333

Medium

|4.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker with a subscriber-level account on a WordPress site to delete the cache of the RapidLoad Power-Up for Autoptimize plugin, potentially disrupting site performance. It occurs because the plugin doesn't properly check if the user has permission to perform this action, making it accessible to anyone with a basic account.

Technical Description

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactLow

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$552($500-$1K)

Vendor Response

Grade FPatched in 1071 days

Quick Information

Published

Mar 10, 2023

almost 3 years ago

Last Modified

Feb 13, 2026

7 days ago

Vendor

rapidload

Product

rapidload power-up for autoptimize

Related Vulnerabilities

CVE-2023-1346Medium

An attacker can trick a site administrator into clicking a link that clears the cache of the RapidLoad Power-Up for Autoptimize plugin, potentially disrupting the website's performance. This vulnerability affects versions up to 1.7.1 and requires no special access, just the ability to deceive the admin into taking the action.