345 matches found
CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
CVE-2026-4335
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
CVE-2026-4335
The ShortPixel Image Optimizer WordPress plugin (≤ 6.4.3) is vulnerable to Stored Cross-Site Scripting via the attachment post_title. The root cause is insufficient output escaping in getEditorPopup() and media-popup.php, where the attachment title retrieved from get_post() is inserted into an HT...
WordPress plugin ShortPixel Image Optimizer 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x / 16.x < 16.1.7 Image Optimizer Disk Cache DoS (GHSA-3x4c-7xq6-9pq8)
The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in the Next.js image optimization feature which lacks a configurable upper limit on disk cache size. An attacker can deliberately generate many unique...
CVE-2026-25370
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...
CVE-2026-25387
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Image Optimizer by Elementor versions = 1.7.1...
CVE-2026-25387
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
CVE-2026-25387
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
CVE-2026-25387
CVE-2026-25387 affects WordPress Image Optimizer by Elementor (plugin: image-optimization) with versions up to and including 1.7.1. The issue is described as a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control levels, potentially enabling ...
CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
CVE-2026-25370
CVE-2026-25370 refers to a missing/incorrect authorization vulnerability in the WordPress plugin WP Compress (wp-compress-image-optimizer) affecting versions
CVE-2026-25370
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...
PT-2026-20721
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
PT-2026-20713
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...
WordPress plugin Image Optimizer by Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
CVE-2026-1319
The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output...
CVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...