345 matches found
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowdtabsactive parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can...
CVE-2026-5821
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
CVE-2026-5821
The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...
EUVD-2026-41247
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
CVE-2026-5821
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...
EUVD-2026-36935
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471
CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (
CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
PT-2026-49377
Name of the Vulnerable Software and Affected Versions ShortPixel Image Optimizer versions prior to 6.4.4 Description PHP Object Injection occurs in the software. This issue allows an attacker to inject malicious objects into the application, which can lead to unauthorized code execution or other...
Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.
Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure
The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. id: CVE-2023-406...
VulnCheck KEV: CVE-2023-40600
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Attachment Title vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...
CVE-2026-4335
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
EUVD-2026-16087
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...