214 matches found
CVE-2023-32512
CVE-2023-32512 is a CSRF vulnerability in the WordPress plugin ShortPixel Adaptive Images (WebP, AVIF, CDN, Image Optimization) vulnerable through versions
WordPress Plugin ShortPixel Adaptive Images - WebP, AVIF, CDN, Image Optimization Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin ShortPixel...
WordPress Image Optimization 3.8.2 Open Redirection
Title: WordPress Image Optimization 3.8.2 Open Redirect Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...
WordPress ImagePilot - Save Money, Disk Space, and Bandwidth with Image Optimization Plugin < 0.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: ImagePilot - Save Money, Disk Space, and Bandwidth with Image Optimization; Type: Plugin; Vulnerable versions: 0.1.2; Fixed in: 0.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership...
CVE-2020-36750
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init function. This makes it possible for unauthenticated attackers to perform bulk image...
Cross site request forgery (csrf)
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init function. This makes it possible for unauthenticated attackers to perform bulk image...
CVE-2020-36750
The CVE-2020-36750 entry concerns the WordPress EWWW Image Optimizer plugin. Affected component: ewww_ngg_bulk_init() function in versions up to and including 5.8.1. Root cause: insufficient nonce validation leads to a Cross-Site Request Forgery (CSRF). Impact: unauthenticated attackers could tri...
K03151140: ImageMagick vulnerability CVE-2016-3714
Security Advisory Description: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." CVE-2016-3714 Impac...
K10550253: ImageMagick vulnerability CVE-2016-3715
Security Advisory Description: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact: Exploiting...
K25102203: ImageMagick vulnerability CVE-2016-3716
Security Advisory Description: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. CVE-2016-3716 Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact: Exploiting this...
K11220361: LibTIFF vulnerability CVE-2015-1547
Security Advisory Description: The NeXTDecode function in tifnext.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. CVE-2015-1547 Impact: This vulnerability allows a remote attacker to cause a...
K68785753: ImageMagick vulnerability CVE-2015-8898
Security Advisory Description: The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. CVE-2015-8898 Impact: BIG-IP systems that use a WebAcceleration profile configured wit...
K82747025: GraphicsMagick vulnerability CVE-2016-5118
Security Advisory Description: The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. CVE-2016-5118 Impact: A remote attacker may be able to execute arbitrary code on the...
K29154575: ImageMagick vulnerability CVE-2016-3717
Security Advisory Description: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact: Exploiting this...
CVE-2023-0619 Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...
PT-2023-16405 · WordPress · Kraken.Io Image Optimizer
Name of the Vulnerable Software and Affected Versions: Kraken.io Image Optimizer plugin for WordPress versions up to, and including, 2.6.8. Description: The issue is related to authorization bypass due to a missing capability check on AJAX actions. This allows authenticated attackers with...
CVE-2022-4548 Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2023-14679 · WordPress · Optimize Images Alt Text (Alt Tag) & Names For Seo Using Ai
Name of the Vulnerable Software and Affected Versions: Optimize images ALT Text & names for SEO using AI WordPress plugin versions prior to 2.0.8. Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CS...
Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Step 1: Install the plugin and register for an...