54 matches found
PT-2023-25362 · Unknown · Magazine3 Core Web Vitals & Pagespeed Booster
Name of the Vulnerable Software and Affected Versions: Magazine3 Core Web Vitals & PageSpeed Booster versions 1.0.12 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to...
WordPress plugin Core Web Vitals & PageSpeed Booster Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection
Software Core Web Vitals & PageSpeed Booster Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A10: Insufficient Logging & Monitoring Classification Open Redirection CVE CVE-2023-35883 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID bd173d35df9c Credits...
WordPress plugin Insights from Google PageSpeed Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Insights...
CVE-2022-1672
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...
CVE-2022-1672
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...
Cross site request forgery (csrf)
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...
CVE-2022-1672 Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...
CVE-2022-1672
The CVE-2022-1672 entry concerns the WordPress plugin Insights from Google PageSpeed (pre-4.0.7). The issue is a CSRF vulnerability where the plugin does not verify CSRF before performing actions (e.g., deleting Custom URLs), potentially allowing an attacker to cause a logged-in administrator to ...
WordPress plugin Insights from Google PageSpeed 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Insights...
Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
The plugin does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...
WordPress Insights from Google PageSpeed plugin <= 4.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Daniel Ruf in WordPress Insights from the Google PageSpeed plugin versions = 4.0.6. Solution Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.7...
Malicious code in pagespeed-inslides (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad7951a944d18efc9e4f2b2b9c2ec8eb79aa3728602ed1ef0049936b446fc8d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5191 Malicious code in pagespeed-inslides (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad7951a944d18efc9e4f2b2b9c2ec8eb79aa3728602ed1ef0049936b446fc8d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pagespeed-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c0399bc510c865efade36928587be5f73f5ea8b9aa6b239c38951cd94aabb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5192 Malicious code in pagespeed-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c0399bc510c865efade36928587be5f73f5ea8b9aa6b239c38951cd94aabb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Insights from Google PageSpeed plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Insights from Google PageSpeed...
CVE-2022-0431
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-0431
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-0431
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...