PT-2024-17288 · WordPress · Rapidload – Optimize Web Vitals Automatically

Lucio Sá · Published 2024-12-11 · Updated 2024-12-16 · CVE-2024-11840

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: RapidLoad – Optimize Web Vitals Automatically plugin for WordPress, versions prior to 2.4.3

Description: The issue concerns unauthorized access to and modification of data due to a missing capability check in several functions, including uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module. This allows authenticated attackers with Subscriber-level access and above to modify plugin settings or conduct SQL injection attacks.

Recommendations: For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available. Restrict access to the plugin's settings and configuration to minimize the risk of exploitation. Avoid using the vulnerable functions in the affected API endpoints until the issue is resolved.
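The weakness class described above, as an added illustration that is not RapidLoad's code: a wp_ajax_* handler is reachable by every logged-in user, Subscriber included, so a handler with no capability check trusts all of them, and an unprepared query inside it is additionally injectable. The action, option, table and nonce names are hypothetical; the hardened handler shows the nonce check, capability check, input validation and prepared statement that close both issues.

```php
<?php
// Added example, not RapidLoad's code; all names below are hypothetical.
// wp_ajax_{action} fires for any authenticated user (wp_ajax_nopriv_ for
// anonymous), so authorization must be enforced inside the handler itself.

// --- Vulnerable pattern: no nonce, no capability check, unprepared SQL.
add_action( 'wp_ajax_example_update_rule', 'example_update_rule_vulnerable' );
function example_update_rule_vulnerable() {
    global $wpdb;
    $rule_id = $_POST['rule_id'];
    $status  = $_POST['status'];
    // Raw request values are interpolated into the query: SQL injection.
    $wpdb->query( "UPDATE {$wpdb->prefix}example_rules SET status = '$status' WHERE id = $rule_id" );
    // Any Subscriber can overwrite plugin settings.
    update_option( 'example_settings', $_POST['settings'] );
    wp_send_json_success();
}

// --- Hardened pattern: CSRF nonce, capability check, validation, prepare().
add_action( 'wp_ajax_example_update_rule_safe', 'example_update_rule_safe' );
function example_update_rule_safe() {
    global $wpdb;
    // Dies with HTTP 403 unless a valid nonce for this action is supplied.
    check_ajax_referer( 'example_update_rule', 'nonce' );
    // The missing piece in the advisory: only users who may manage options
    // get to change plugin state. wp_send_json_error() terminates execution.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    $rule_id = isset( $_POST['rule_id'] ) ? absint( $_POST['rule_id'] ) : 0;
    $status  = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';
    if ( 0 === $rule_id || ! in_array( $status, array( 'enabled', 'disabled' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid input' ), 400 );
    }
    // Placeholders bind values as typed parameters instead of string concatenation.
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->prefix}example_rules SET status = %s WHERE id = %d",
        $status,
        $rule_id
    ) );
    // Sanitise every leaf of the submitted settings array before persisting it.
    $settings = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? map_deep( wp_unslash( $_POST['settings'] ), 'sanitize_text_field' )
        : array();
    update_option( 'example_settings', $settings );
    wp_send_json_success();
}
```

For detection, a Subscriber-role account issuing POST requests to admin-ajax.php with settings- or rule-changing action names is the signal to alert on in web and application logs.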

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2024-11840

Affected Products

Rapidload – Optimize Web Vitals Automatically