CVE-2024-5810

MEDIUM 5.3

WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.

CWE	CWE-798
Vendor	wp2speed
Product	wp2speed faster – optimize pagespeed insights score 90-100
Published	Jul 9, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for wp2speed wp2speed faster – optimize pagespeed insights score 90-100

Be the first to know when new medium vulnerabilities affecting wp2speed wp2speed faster – optimize pagespeed insights score 90-100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

wp2speed / WP2Speed Faster – Optimize PageSpeed Insights Score 90-100

0 ≤ 1.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

Lucio Sá