345 matches found
CVE-2025-25163
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through = 3.3...
CVE-2025-25163
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3...
CVE-2025-25163
CVE-2025-25163 affects WordPress Plugin A/B Image Optimizer (versions up to 3.3). The vulnerability is a Path Traversal (improper limitation of a pathname to a restricted directory) that can enable an attacker to download arbitrary server files. Public PoCs demonstrate exploitation via authentica...
WordPress plugin A/B Image Optimizer 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversa...
PT-2025-5967 · Zach Swetz · Plugin A/B Image Optimizer
Name of the Vulnerable Software and Affected Versions: Plugin A/B Image Optimizer versions prior to 3.3 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', in the Zach Swetz Plugin A/B Image Optimizer. This allows fo...
CVE-2024-47384
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through = 6.20.13...
CVE-2024-1934
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...
CVE-2024-48043
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through = 5.6.3...
WordPress Plugin A/B Image Optimizer Plugin <= 3.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by LVT-tholv2k in WordPress Plugin Plugin A/B Image Optimizer versions = 3.3...
CVE-2023-22708
Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7...
CVE-2023-22708 WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in karim79 Kraken.io Image Optimizer kraken-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through = 2.6.7...
CVE-2023-22708
CVE-2023-22708 affects the WordPress Kraken.io Image Optimizer plugin up to version 2.6.7. The vulnerability is a Broken Access Control due to missing authorization (invalid access control configuration). Impact is described as low with low exploitation likelihood; CVSS v3.1 base score 4.3. The i...
CVE-2023-22708 WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7...
WordPress plugin Kraken.io Image Optimizer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-10855 Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirvuploadfilebychunks function and lack of in all versions up to, and including...
WordPress plugin Image Optimizer, Resizer and CDN – Sirv 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-48044
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3...
CVE-2024-48044
Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through = 5.6.3...
CVE-2024-48044 WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3...
CVE-2024-48044
CVE-2024-48044 affects WordPress ShortPixel Image Optimizer plugin (versions up to and including 5.6.3). The vulnerability is a Broken Access Control due to missing authorization, allowing an attacker to exploit access control misconfigurations. NVD lists CVSS v3.1 base score 8.8 (High) with netw...