VYPR

Swift Performance Lite

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-10516HigDec 6, 2024
    risk 0.53cvss 8.1epss 0.06

    The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing…

  • CVE-2024-3722MedMay 14, 2024
    risk 0.35cvss 5.4epss 0.00

    The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access…

  • CVE-2024-37511MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <= 2.3.6.20.

  • CVE-2023-6289MedDec 18, 2023
    risk 0.28cvss 4.3epss 0.01

    The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.