CVE-2024-5810

EUVD-2024-46958
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
wp2speedwp2speed
𝑥
≤ 1.0.1
ADP
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve