Browse all 3 CVE security advisories affecting GTmetrix. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GTmetrix primarily analyzes website performance and optimization, offering insights into loading speeds and user experience. Historically, the platform has been associated with vulnerabilities including cross-site scripting (XSS) and remote code execution (RCE), often stemming from improper input validation and insecure API endpoints. While no major security incidents have been widely documented, the three CVEs on record highlight potential risks in web application security. The service's integration with third-party tools and public-facing nature makes it a potential target for exploitation, particularly through stored XSS vulnerabilities that could compromise user accounts or inject malicious content into analysis reports.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-37996 | WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF) — GTmetrix for WordPress (CWE-352) | 5.4 | Medium | 2023-10-03 |
| CVE-2023-32503 | WordPress GTmetrix for WordPress Plugin <= 0.4.6 is vulnerable to Cross Site Scripting (XSS) — GTmetrix for WordPress (CWE-79) | 7.1 | High | 2023-08-08 |
| CVE-2023-23677 | WordPress GTmetrix for WordPress Plugin <= 0.4.5 is vulnerable to Cross Site Scripting (XSS) — GTmetrix for WordPress (CWE-79) | 3.8 | Low | 2023-03-30 |
This page lists every published CVE security advisory associated with GTmetrix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.