CVE-2024-5810

Name of the Vulnerable Software and Affected Versions: WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress versions up to, and including, 1.0.1

Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests. This allows unauthenticated attackers to overwrite CSS, update trial settings, purge the cache, and find attachments.

Recommendations: For versions up to, and including, 1.0.1, consider disabling the plugin until a patch is available to prevent unauthorized access. Restrict access to the plugin's API endpoints to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved with a newer version that does not use hardcoded credentials for authentication.