How serious is CVE-2023-1346?

This vulnerability has a CVSS score of 4.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2023-1346?

Yes, proof-of-concept exploit code for CVE-2023-1346 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2023-1346?

CVE-2023-1346 affects rapidload rapidload power-up for autoptimize. Check the full CVE details for specific version information.

How do I fix CVE-2023-1346?

To remediate CVE-2023-1346, check for security patches from rapidload. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2023-1346

Medium

|4.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker can trick a site administrator into clicking a link that clears the cache of the RapidLoad Power-Up for Autoptimize plugin, potentially disrupting the website's performance. This vulnerability affects versions up to 1.7.1 and requires no special access, just the ability to deceive the admin into taking the action.

Technical Description

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

Confidentiality ImpactNone

Integrity ImpactLow

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$552($500-$1K)

Vendor Response

Grade FPatched in 1071 days

Quick Information

Published

Mar 10, 2023

almost 3 years ago

Last Modified

Feb 13, 2026

7 days ago

Vendor

rapidload

Product

rapidload power-up for autoptimize

Related Vulnerabilities

CVE-2023-1333Medium

This vulnerability allows an attacker with a subscriber-level account on a WordPress site to delete the cache of the RapidLoad Power-Up for Autoptimize plugin, potentially disrupting site performance. It occurs because the plugin doesn't properly check if the user has permission to perform this action, making it accessible to anyone with a basic account.