CVE-2024-5810

medium

Description

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165

https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152

Details

Source: Mitre, NVD

Published: 2024-07-09

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00346