Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
CVE-2022-1672

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Insights From Google Pagespeed
Vendor: CVE Published:; 17 July 2022

Summary

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Affected Version(s)

Insights from Google PageSpeed 4.0.7

References

https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2022
Vulnerability Reserved
May 11, 2022

Credit

Daniel Ruf