27 matches found
CVE-2025-11519
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519
The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...
WordPress Image Optimization by Optimole plugin <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Optimole versions = 3.12.10...
WordPress plugin Image Optimization by Optimole 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-0969
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...