CVE-2022-1672

Name of the Vulnerable Software and Affected Versions Insights from Google PageSpeed WordPress plugin versions prior to 4.0.7

Description The issue concerns a lack of CSRF verification in the plugin, allowing attackers to perform actions such as deleting Custom URLs on behalf of a logged-in admin via CSRF attacks.

Recommendations For versions prior to 4.0.7, update to version 4.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.