Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2025/10/19 6:43 a.m.17 views

CVE-2025-11519

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...

4.3CVSS5.7AI score0.00304EPSS
Exploits0References1
NVD
NVD
added 2025/10/18 7:15 a.m.7 views

CVE-2025-11519

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...

4.3CVSS0.00304EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.8 views

CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...

4.3CVSS5.3AI score0.00304EPSS
Exploits0References3
CVE
CVE
added 2025/10/18 6:42 a.m.18 views

CVE-2025-11519

The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...

4.3CVSS5.3AI score0.00304EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/15 1:52 a.m.5 views

WordPress Image Optimization by Optimole plugin <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Optimole versions = 3.12.10...

6.4CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.5 views

WordPress plugin Image Optimization by Optimole 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.0042EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.7 views

CVE-2022-0969

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...

4.8CVSS5.5AI score0.0073EPSS
Exploits2References3
Rows per page
Query Builder