WordPress Plugin Vulnerabilities

Core Web Vitals & PageSpeed Booster <= 1.0.27 - Missing Authorization

Description

The Core Web Vitals & PageSpeed Booster plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No

Timeline

Publicly Published
2025-12-31 (about 6 months ago)
Added
2026-01-05 (about 5 months ago)
Last Updated
2026-01-05 (about 5 months ago)

Other