CVE-2022-1672

HIGH

Insights from Google PageSpeed < 4.0.7 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad

Scores

CVSS v3 8.8
EPSS 0.0051
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
insights_from_google_pagespeed_project/insights_from_google_pagespeed < 4.0.7
Published Jul 17, 2022
Tracked Since Feb 18, 2026