CVE-2023-1333
📋 TL;DR
The RapidLoad Power-Up for Autoptimize WordPress plugin has a missing capability check that allows authenticated users with subscriber-level access to delete the plugin's cache. This vulnerability affects all WordPress sites using the plugin up to version 1.7.1, potentially causing performance degradation through cache deletion.
💻 Affected Systems
- RapidLoad Power-Up for Autoptimize WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could repeatedly delete the cache, causing significant performance degradation and potentially leading to denial of service conditions during high traffic periods.
Likely Case
Malicious users or compromised accounts delete cache, causing temporary performance issues until cache rebuilds.
If Mitigated
Minimal impact with proper access controls and monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated access but only at subscriber level, which is the lowest WordPress user role.
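The bug class described above, as an added illustration that is not the plugin's own code: a `wp_ajax_*` handler is reachable by any logged-in user, so without a capability check a subscriber can trigger it. The action name `clear_page_cache` is taken from the detection section of this page; the function names, nonce action and cache directory are assumptions.

```php
<?php
// Added illustration of a missing capability check on an admin-ajax.php
// action. Not the plugin's actual code; helper names and paths are assumed.

// Vulnerable pattern: wp_ajax_ hooks only require a logged-in user, and a
// subscriber is a logged-in user, so the cache is deleted with no further check.
function rapidload_demo_clear_cache_vulnerable() {
    rapidload_demo_delete_cache_files();
    wp_send_json_success();
}

// Hardened pattern: validate a nonce (CSRF) and require a capability that
// subscriber-level accounts do not hold before touching the cache.
function rapidload_demo_clear_cache_fixed() {
    check_ajax_referer( 'rapidload_demo_clear_cache', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    rapidload_demo_delete_cache_files();
    wp_send_json_success();
}

// Assumed cache-clearing helper; the real plugin's cache layout differs.
function rapidload_demo_delete_cache_files() {
    $dir = WP_CONTENT_DIR . '/cache/rapidload-demo/';
    foreach ( glob( $dir . '*.css' ) ?: array() as $file ) {
        wp_delete_file( $file );
    }
}

// Only the hardened handler is registered. The login requirement implied by
// wp_ajax_ (as opposed to wp_ajax_nopriv_) is not an authorization check,
// which is why current_user_can() is needed on top of it.
add_action( 'wp_ajax_clear_page_cache', 'rapidload_demo_clear_cache_fixed' );
```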
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'RapidLoad Power-Up for Autoptimize'
4. Click 'Update Now' if available
5. Alternatively, download version 1.7.2+ from the WordPress plugin repository and update manually
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the RapidLoad Power-Up for Autoptimize plugin until patched
wp plugin deactivate rapidload-power-up-for-autoptimize
wp plugin delete rapidload-power-up-for-autoptimize
Restrict user registration
Disable new user registration to prevent attackers from creating subscriber accounts
🧯 If You Can't Patch
- Implement strict access controls and monitor for unauthorized cache clearing activities
- Consider using alternative caching solutions until patch can be applied
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → RapidLoad Power-Up for Autoptimize → Version. If the version is 1.7.1 or lower, the site is vulnerable.
Check Version:
wp plugin get rapidload-power-up-for-autoptimize --field=version
Verify Fix Applied:
Verify plugin version is 1.7.2 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual cache clearing events from subscriber-level users
- Multiple cache deletion requests from single user accounts
Network Indicators:
- POST requests to admin-ajax.php with action=clear_page_cache from non-admin users
SIEM Query:
source="wordpress.log" AND "clear_page_cache" AND user_role="subscriber"
🔗 References
- https://plugins.trac.wordpress.org/changeset/2877726/unusedcss/trunk/includes/modules/unused-css/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef