Impact
The vulnerability is a Cross‑Site Request Forgery (CSRF) flaw in the Advanced Speed Increaser plugin up to version 2.2.1. An attacker can construct a malicious page that causes a logged‑in visitor's browser to send requests to the site, so that the WordPress administrator or any authenticated user submits unintended actions. This flaw does not allow direct code execution but can be used to trigger plugin functions and potentially affect site data or configuration. The weakness is classified as CWE‑352, the well‑known weakness class for CSRF.
Affected Systems
WordPress sites running the Advanced Speed Increaser plugin by Animesh Kumar are affected in all versions up to and including 2.2.1. No other plugins or WordPress core components are reported vulnerable.
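One way to check a host for the affected versions listed above (an added example, not code from the advisory or the plugin): it reads the WordPress header of each plugin file and flags installs named Advanced Speed Increaser at version 2.2.1 or lower. The default `wp-content/plugins` path and matching on the `Plugin Name` header line are assumptions.

```python
import re
import sys
from pathlib import Path

PLUGIN_NAME = "Advanced Speed Increaser"  # plugin name as given in the advisory
LAST_AFFECTED = "2.2.1"                   # highest affected version per the advisory

# WordPress plugin metadata is "Key: value" lines in the main file's comment header.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.M | re.I)

def parse_header(text):
    """Return {'plugin name': ..., 'version': ...} from the first 8 KiB of a PHP file."""
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(text[:8192])}

def version_key(version):
    """Dotted version -> tuple of ints; a non-numeric tail in a segment is ignored."""
    parts = []
    for seg in version.split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:
        parts.pop()  # treat 2.2.1.0 the same as 2.2.1
    return tuple(parts)

def is_affected(header):
    """True when the header names the plugin and its version is <= LAST_AFFECTED."""
    if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
        return False
    version = header.get("version", "")
    # A missing Version line cannot be ruled out, so it is reported too.
    return not version or version_key(version) <= version_key(LAST_AFFECTED)

def find_affected(plugins_dir):
    """Scan <plugins_dir>/<folder>/*.php and return [(relative path, version), ...]."""
    root, hits = Path(plugins_dir), []
    for php in sorted(root.glob("*/*.php")):
        header = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if is_affected(header):
            hits.append((php.relative_to(root).as_posix(), header.get("version") or "unknown"))
    return hits

if __name__ == "__main__":
    # Assumed default path; pass the site's real plugins directory as the argument.
    for path, ver in find_affected(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"):
        print(f"AFFECTED {path} version {ver}")
```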
Risk and Exploitability
The CVSS score of 4.3 indicates a low‑to‑moderate risk, and the EPSS score of less than 1% shows a very low but non‑zero exploitation probability. The vulnerability is not listed in the CISA KEV catalog, suggesting no evidence of widespread exploitation yet. Attackers would need a victim who is authenticated to the site and who visits a malicious page. Because the flaw allows arbitrary requests to be sent on behalf of the victim, it could be leveraged to amplify other attacks such as privilege escalation or data corruption if the plugin exposes sensitive functionality. Though the direct impact is limited compared to high‑severity bugs, the ease of exploitation and the ability to act with user privileges make it important to address promptly.