The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
CPE | Name | Operator | Version |
---|---|---|---|
insights_from_google_pagespeed | lt | 4.0.7 |