Lucene search
K

345 matches found

Cvelist
Cvelist
added 2026/03/26 2:25 a.m.31 views

CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

5.4CVSS0.00176EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:25 a.m.2 views

CVE-2026-4335

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

5.4CVSS6AI score0.00176EPSS
Exploits0References7
CVE
CVE
added 2026/03/26 2:25 a.m.10 views

CVE-2026-4335

The ShortPixel Image Optimizer WordPress plugin (≤ 6.4.3) is vulnerable to Stored Cross-Site Scripting via the attachment post_title. The root cause is insufficient output escaping in getEditorPopup() and media-popup.php, where the attachment title retrieved from get_post() is inserted into an HT...

5.4CVSS6AI score0.00176EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

WordPress plugin ShortPixel Image Optimizer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.10 views

Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x / 16.x < 16.1.7 Image Optimizer Disk Cache DoS (GHSA-3x4c-7xq6-9pq8)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in the Next.js image optimization feature which lacks a configurable upper limit on disk cache size. An attacker can deliberately generate many unique...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.3 views

CVE-2026-25370

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.5 views

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

4.3CVSS5.5AI score0.00315EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/20 7:51 a.m.4 views

WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Image Optimizer by Elementor versions = 1.7.1...

4.3CVSS5.4AI score0.00315EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/19 9:16 a.m.4 views

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

4.3CVSS0.00315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

5.5AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.29 views

CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

4.3CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.16 views

CVE-2026-25387

CVE-2026-25387 affects WordPress Image Optimizer by Elementor (plugin: image-optimization) with versions up to and including 1.7.1. The issue is described as a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control levels, potentially enabling ...

4.3CVSS5.4AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.10 views

CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

4.3CVSS5.4AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.12 views

CVE-2026-25370

CVE-2026-25370 refers to a missing/incorrect authorization vulnerability in the WordPress plugin WP Compress (wp-compress-image-optimizer) affecting versions

5.3CVSS5.4AI score0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25370

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...

5.5AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20721

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

5.5AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20713

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...

5.5AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.6 views

WordPress plugin Image Optimizer by Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.8AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.8 views

CVE-2026-1319

The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output...

6.4CVSS5.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 7:7 a.m.15 views

CVE-2026-1246

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...

4.9CVSS5.5AI score0.00519EPSS
Exploits0References1
Rows per page
Query Builder