Swift Performance Lite
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10516 | Hig | 0.53 | 8.1 | 0.06 | Dec 6, 2024 | The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing… | ||
| CVE-2024-3722 | Med | 0.35 | 5.4 | 0.00 | May 14, 2024 | The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access… | ||
| CVE-2024-37511 | Med | 0.28 | 4.3 | 0.00 | Jan 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <= 2.3.6.20. | ||
| CVE-2023-6289 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2023 | The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. |
- risk 0.53cvss 8.1epss 0.06
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing…
- risk 0.35cvss 5.4epss 0.00
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <= 2.3.6.20.
- risk 0.28cvss 4.3epss 0.01
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.