Search criteria
2 vulnerabilities by insights_from_google_pagespeed_project
CVE-2022-1672 (GCVE-0-2022-1672)
Vulnerability from cvelistv5 – Published: 2022-07-17 10:35 – Updated: 2024-08-03 00:10
VLAI
Title
Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
Summary
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5c5955d7-24f0-45… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Insights from Google PageSpeed |
Affected:
4.0.7 , < 4.0.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insights from Google PageSpeed",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.7",
"status": "affected",
"version": "4.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:35:33.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insights from Google PageSpeed \u003c 4.0.7 - Multiple CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1672",
"STATE": "PUBLIC",
"TITLE": "Insights from Google PageSpeed \u003c 4.0.7 - Multiple CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insights from Google PageSpeed",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0.7",
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1672",
"datePublished": "2022-07-17T10:35:33.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0431 (GCVE-0-2022-0431)
Vulnerability from cvelistv5 – Published: 2022-04-04 15:35 – Updated: 2024-08-02 23:25
VLAI
Title
Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
Summary
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/52bd94df-8816-48… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2690415 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Insights from Google PageSpeed |
Affected:
4.0.4 , < 4.0.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insights from Google PageSpeed",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.4",
"status": "affected",
"version": "4.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin\u0027s settings dashboard, leading to Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T15:35:44.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2690415"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Google Pagespeed Insights \u003c 4.0.4 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0431",
"STATE": "PUBLIC",
"TITLE": "Google Pagespeed Insights \u003c 4.0.4 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insights from Google PageSpeed",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin\u0027s settings dashboard, leading to Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2690415",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2690415"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0431",
"datePublished": "2022-04-04T15:35:44.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}