176 matches found
ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin id: CVE-2023-0334 info: name: ShortPixel Adaptive Images 3.6.3 - Cross Site Scripting author:...
CVE-2026-57342
Subscriber Cross Site Scripting XSS in ShortPixel Adaptive Images = 3.11.3 versions...
CVE-2026-57342 WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in ShortPixel Adaptive Images = 3.11.3 versions...
CVE-2026-57342
The CVE-2026-57342 entry concerns the WordPress ShortPixel Adaptive Images plugin, affected versions are
EUVD-2026-41096
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...
PT-2026-54889
Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...
WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin ShortPixel Adaptive Images versions = 3.11.3...
CVE-2026-56066
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56066 WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
EUVD-2026-39719
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56066
CVE-2026-56066 affects the WordPress ShortPixel Adaptive Images plugin up to version 3.11.4, describing an unauthenticated Arbitrary File Deletion vulnerability. The connected records confirm the affected product and the nature of the issue but do not provide details on attack vectors, root cause...
EUVD-2026-36935
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471
CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (
PT-2026-49377
Name of the Vulnerable Software and Affected Versions ShortPixel Image Optimizer versions prior to 6.4.4 Description PHP Object Injection occurs in the software. This issue allows an attacker to inject malicious objects into the application, which can lead to unauthorized code execution or other...
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Attachment Title vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...
CVE-2026-4335
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...