Lucene search
K

54 matches found

Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.5 views

PT-2023-25362 · Unknown · Magazine3 Core Web Vitals & Pagespeed Booster

Name of the Vulnerable Software and Affected Versions: Magazine3 Core Web Vitals & PageSpeed Booster versions 1.0.12 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to...

6.1CVSS6.5AI score0.00478EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.4 views

WordPress plugin Core Web Vitals & PageSpeed Booster Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

6.1CVSS6.7AI score0.00478EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/06/19 12:0 a.m.14 views

WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection

Software Core Web Vitals & PageSpeed Booster Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A10: Insufficient Logging & Monitoring Classification Open Redirection CVE CVE-2023-35883 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID bd173d35df9c Credits...

6.1CVSS6.6AI score0.00478EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/07/19 12:0 a.m.24 views

WordPress plugin Insights from Google PageSpeed Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Insights...

8.8CVSS8.7AI score0.00512EPSS
Exploits2References1
NVD
NVD
added 2022/07/17 11:15 a.m.23 views

CVE-2022-1672

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8CVSS0.00512EPSS
Exploits2References1
OSV
OSV
added 2022/07/17 11:15 a.m.2 views

CVE-2022-1672

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/07/17 11:15 a.m.17 views

Cross site request forgery (csrf)

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

6.8CVSS8.5AI score0.00512EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/07/17 10:35 a.m.24 views

CVE-2022-1672 Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8AI score0.00512EPSS
Exploits2References1
CVE
CVE
added 2022/07/17 10:35 a.m.67 views

CVE-2022-1672

The CVE-2022-1672 entry concerns the WordPress plugin Insights from Google PageSpeed (pre-4.0.7). The issue is a CSRF vulnerability where the plugin does not verify CSRF before performing actions (e.g., deleting Custom URLs), potentially allowing an attacker to cause a logged-in administrator to ...

8.8CVSS8.6AI score0.00512EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/07/17 12:0 a.m.5 views

WordPress plugin Insights from Google PageSpeed 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Insights...

8.8CVSS5.5AI score0.00512EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.135 views

Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

The plugin does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8CVSS2.8AI score0.00512EPSS
Exploits2
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.25 views

WordPress Insights from Google PageSpeed plugin <= 4.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Daniel Ruf in WordPress Insights from the Google PageSpeed plugin versions = 4.0.6. Solution Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.7...

8.8CVSS2.5AI score0.00512EPSS
Exploits2References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:22 p.m.3 views

Malicious code in pagespeed-inslides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad7951a944d18efc9e4f2b2b9c2ec8eb79aa3728602ed1ef0049936b446fc8d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:22 p.m.6 views

MAL-2022-5191 Malicious code in pagespeed-inslides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad7951a944d18efc9e4f2b2b9c2ec8eb79aa3728602ed1ef0049936b446fc8d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 7:27 a.m.3 views

Malicious code in pagespeed-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c0399bc510c865efade36928587be5f73f5ea8b9aa6b239c38951cd94aabb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 7:27 a.m.5 views

MAL-2022-5192 Malicious code in pagespeed-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c0399bc510c865efade36928587be5f73f5ea8b9aa6b239c38951cd94aabb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.28 views

WordPress Insights from Google PageSpeed plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Insights from Google PageSpeed...

4.3CVSS1.1AI score0.00863EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/04/04 4:15 p.m.27 views

CVE-2022-0431

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS0.00863EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.10 views

CVE-2022-0431

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00863EPSS
Exploits2References3
OSV
OSV
added 2022/04/04 4:15 p.m.3 views

CVE-2022-0431

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00863EPSS
Exploits2References2
Rows per page
Query Builder