The Insights from Google PageSpeed WordPress plugin prior to 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow malicious users to make a logged in admin perform such actions via CSRF attacks
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
insights from google pagespeed project insights from google pagespeed |