54 matches found
Cross site scripting
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-0431
Summary (CVE-2022-0431) The vulnerability affects the WordPress Insights from Google PageSpeed plugin prior to version 4.0.4. The issue arises because the plugin does not sanitise and escape several parameters when outputting them in attributes on the settings dashboard, enabling a Reflected Cros...
CVE-2022-0431 Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...
WordPress plugin Insights from Google PageSpeed 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Insights from Google PageSpeed...
Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...
Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting PoC...
WordPress Insights from Google PageSpeed plugin <= 4.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Insights from Google PageSpeed plugin versions = 4.0.3. Solution Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.4,...
CVE-2021-25023
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
Sql injection
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...
Design/Logic Flaw
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
Lighthouse, PageSpeed insights usage up 70% with core web vitals looming
By Owais Sultan With Google’s massive page experience update and its Core Web Vitals on the horizon, it seems that webmasters and marketers are doing their homework at the last minute, as usual. This is a post from HackRead.com Read the original post: Lighthouse, PageSpeed insights usage up 70%...
Palo Alto Software: Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/
Summary: I came across this subdomain https://webtools.paloalto.com/ which took my attention, after a bit enumeration I found an endpoint which allows anyone to access PageSpeed Global Admin without any type of authentication. Vulnerable URL: https://webtools.paloalto.com/pagespeed-global-admin/...
PageSpeed Modules (mod_pagespeed/ngx_pagespeed) Admin Pages accessible
The script attempts to identify Admin Pages of the PageSpeed Modules modpagespeed/ngxpagespeed. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...