This vulnerability, identified as CVE-2024-31288 and classified under CWE-918 (Server-Side Request Forgery), affects the RapidLoad Power-Up for Autoptimize plugin up to version 2.2.11. SSRF vulnerabilities enable attackers to make the affected server perform unintended HTTP requests, potentially exposing internal resources or sensitive data. The CVSS vector indicates the attack can be performed remotely without privileges or user interaction, with a scope change and partial impact on confidentiality and integrity. Currently, there is no official remediation or patch available from the vendor, and the vulnerability is not related to a cloud service. No active exploitation has been reported.

An attacker can exploit this SSRF vulnerability to make the server send crafted requests to internal or external systems, potentially leading to unauthorized information disclosure or manipulation of data. The impact affects confidentiality and integrity but does not affect availability. Since the vulnerability can be exploited remotely without authentication, it poses a significant risk if left unmitigated.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or restricting the use of the RapidLoad Power-Up for Autoptimize plugin if possible. Monitor vendor channels for updates and apply patches promptly once available.