CVE-2024-5810

The WP2Speed Faster  Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WordfenceCNA
5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
References
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372
https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve