CVE-2022-1672
Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
17 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
Affected products
Unknown · Insights from Google PageSpeedWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →