CVE-2025-22288

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

CVE-2025-22288 WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

EUVD-2025-38034

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

CVE-2025-22288 WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

EUVD-2023-44019

Malicious code in bioql PyPI...

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...

CVE-2017-15079

The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal...

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...

CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...

CVE-2023-3352

CVE-2023-3352 : The Smush WordPress plugin has a missing capability check in delete_resmush_list(), enabling authenticated attackers with minimal permissions (e.g., subscriber) to delete the resmush list for NextGEN or the Media Library. The CVSS 3.1 base score is 4.3 (Medium) with no confidentia...

WordPress plugin Smush security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Smush plugin <= 3.16.4 - Authenticated Resmush List Deletion vulnerability

Authenticated Resmush List Deletion vulnerability discovered by Truoc Phan in WordPress Plugin Smush Image Compression and Optimization versions = 3.16.4...

Smush Plugin for WordPress < 3.9.9 Cross-Site Scripting

The WordPress Smush Plugin installed on the remote host is affected by a reflected Cross-Site Scripting XSS. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

WordPress Smush Plugin < 3.9.9 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmudev:smushimagecompressionandoptimization"; if descriptio...

WordPress Smush plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress Smush plugin prior to 3.9.9,...

WordPress plugin Smush 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress Smush plugin prior to 3.9.9,...

Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...

Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...

WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Smush plugin versions = 3.9.8. Solution Update the WordPress Smush plugin to the latest available version at least 3.9.9...

WordPress Smush Image Compression and Optimization plugin path traversal vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Smush Image Compression and Optimization plugin is one of the image compression, optimization plugin. A path...