CVE-2022-0431

medium

Description

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting

References

https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca

https://plugins.trac.wordpress.org/changeset/2690415

Details

Source: Mitre, NVD

Published: 2022-04-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00071