19 matches found

RedhatCVE
added 2026/04/13 1:22 p.m., 1 view

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 1

Patchstack
added 2026/04/13 11:1 a.m., 2 views

WordPress Optimole plugin <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Optimole versions <= 4.2.2...

CVSS 7.2, AI score 5.8, EPSS 0.00045
Exploits 0, References 1, Affected Software 1

Patchstack
added 2026/04/13 10:57 a.m., 3 views

WordPress Optimole plugin <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL vulnerability

Reflected Cross-Site Scripting via Page Profiler URL vulnerability discovered by WordFence in WordPress Plugin Optimole versions <= 4.2.3...

CVSS 6.1, AI score 5.8, EPSS 0.00155
Exploits 0, References 1, Affected Software 1

NVD
added 2026/04/11 2:16 a.m., 2 views

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, EPSS 0.00155
Exploits 0, References 9

ATTACKERKB
added 2026/04/11 1:24 a.m., 1 view

CVE-2026-5217

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2, AI score 6, EPSS 0.00045
Exploits 0, References 8

CVE
added 2026/04/11 1:24 a.m., 6 views

CVE-2026-5217

The CVE covers the WordPress plugin Optimole (versions up to 4.2.2). It is vulnerable to an unauthenticated stored XSS via the srcset descriptor parameter (s) in the REST endpoint /wp-json/optimole/v1/optimizations. Root cause: insufficient input sanitization and output escaping, where sanitize_t...

CVSS 7.2, AI score 6, EPSS 0.00045
Exploits 0, References 7

EUVD
added 2026/04/11 1:24 a.m., 2 views

EUVD-2026-21664

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 9

ATTACKERKB
added 2026/04/11 1:24 a.m., 3 views

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 10

Vulnrichment
added 2026/04/11 1:24 a.m., 4 views

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 9

CVE
added 2026/04/11 1:24 a.m., 13 views

CVE-2026-5226

The CVE concerns the WordPress plugin Optimole – Optimize Images in Real Time, affected up to version 4.2.3. It describes a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient output escaping of user-supplied URL paths in get_current_url(), which are inserted into JavaScript by repla...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 9

Positive Technologies
added 2026/04/11 12:0 a.m., 3 views

PT-2026-32092

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url function, which are inserted into...

CVSS 6.1, AI score 6, EPSS 0.00155
Exploits 0, References 10

CNNVD
added 2026/04/11 12:0 a.m., 1 view

WordPress plugin Optimole – Optimize Images in Real Time cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.1, AI score 5.7, EPSS 0.00155
Exploits 0, References 9

CNNVD
added 2026/04/11 12:0 a.m., 1 view

WordPress plugin Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.2, AI score 5.6, EPSS 0.00045
Exploits 0, References 8

RedhatCVE
added 2025/10/19 6:43 a.m., 4 views

CVE-2025-11519

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user...

CVSS 4.3, AI score 5.7, EPSS 0.00034
Exploits 0, References 1

NVD
added 2025/10/18 7:15 a.m., 1 view

CVE-2025-11519

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user...

CVSS 4.3, EPSS 0.00034
Exploits 0, References 3

Vulnrichment
added 2025/10/18 6:42 a.m., 5 views

CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user...

CVSS 4.3, AI score 5.3, EPSS 0.00034
Exploits 0, References 3

CVE
added 2025/10/18 6:42 a.m., 7 views

CVE-2025-11519

The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...

CVSS 4.3, AI score 5.3, EPSS 0.00034
Exploits 0, References 3

Patchstack
added 2024/05/15 1:52 a.m., 3 views

WordPress Image Optimization by Optimole plugin <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Optimole versions <= 3.12.10...

CVSS 6.4, AI score 5.8, EPSS 0.0038
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/05/15 12:0 a.m., 2 views

WordPress plugin Image Optimization by Optimole security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4, AI score 5.9, EPSS 0.0038
Exploits 0, References 4