RSS   Vulnerabilities for 'Insights from google pagespeed'   RSS

2022-07-17
 
CVE-2022-1672

CWE-352
 

 
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

 
2022-04-04
 
CVE-2022-0431

CWE-79
 

 
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting

 


Copyright 2024, cxsecurity.com

 

Back to Top