Swte Swift Performance Lite vulnerabilities
3 known vulnerabilities affecting swte/swift_performance_lite.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-10516P2HIGHCVSS 8.1PoC≤ 2.3.7.12024-12-06
CVE-2024-10516 [HIGH] CWE-22 CVE-2024-10516: The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all ver
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass a
nvd
CVE-2024-3722P4MEDIUMCVSS 5.4≤ 2.3.6.182024-05-14
CVE-2024-3722 [MEDIUM] CWE-863 CVE-2024-3722: The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missin
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve and modify settings.
nvd
CVE-2024-37511P4MEDIUMCVSS 4.3≤ 2.3.6.202025-01-02
CVE-2024-37511 [MEDIUM] CWE-352 CVE-2024-37511: Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lit
Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <= 2.3.6.20.
nvd