CVE-2024-5810

MEDIUM

WP2Speed Faster - Unauthorized Access

Title source: llm

Description

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.

References (6)

Core 6

Core References

Product

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165

Product

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263

Product

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372

Product

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71

Product

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve

Scores

CVSS v3 5.3

EPSS 0.0044

EPSS Percentile 35.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

wp2speed/WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 < 1.0.1

Published Jul 09, 2024

Tracked Since Feb 18, 2026