Vulnerability Description
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3202982/unusedcss
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8ff4ec-9b40-4d59-b3b
FAQ
What is CVE-2024-11840?
CVE-2024-11840 is a vulnerability with a CVSS score of 7.1 (HIGH). The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update...
How severe is CVE-2024-11840?
CVE-2024-11840 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-11840?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.