CSRF Vulnerability in Google PageSpeed WordPress Plugin (<=4.0.7) Allows Unauthorized Actions

CSRF Vulnerability in Google PageSpeed WordPress Plugin (<=4.0.7) Allows Unauthorized Actions

CVE-2022-1672 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Learn more about our Wordpress Pen Testing.