Lucene search
K

345 matches found

Cvelist
Cvelist
added 2025/08/05 12:10 a.m.14 views

CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...

6.9CVSS0.00668EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.4 views

IPX 安全漏洞

IPX is an image optimizer open-sourced by UnJS. A security vulnerability exists in IPX versions 1.3.1 and earlier, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, which stems from improper path prefix checking and could lead to path prefix bypass...

9.8CVSS6.4AI score0.00668EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:12 a.m.6 views

CVE-2024-32106

Cross-Site Request Forgery CSRF vulnerability in WP Compress WP Compress – Image Optimizer All-In-One.This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

8.8CVSS5.1AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.5 views

CVE-2024-31924

Cross-Site Request Forgery CSRF vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer.This issue affects EWWW Image Optimizer: from n/a through = 7.2.3...

4.3CVSS5.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.10 views

CVE-2024-27950

Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through = 7.2.0...

8.8CVSS6.8AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.5 views

CVE-2024-43122

Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9...

6.5CVSS6.9AI score0.00488EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.9 views

CVE-2024-48044

Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through = 5.6.3...

8.8CVSS5.9AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:9 a.m.3 views

CVE-2023-2122

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary...

6.1CVSS6.5AI score0.0085EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:8 a.m.5 views

CVE-2023-2117

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...

2.7CVSS6.5AI score0.00665EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.5 views

CVE-2023-22708

Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7...

4.3CVSS5.1AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.5 views

CVE-2023-6812

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to...

4.3CVSS6.7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.9 views

CVE-2022-2450

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them...

4.3CVSS6.7AI score0.00486EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.6 views

CVE-2022-2449

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site...

6.5CVSS6.8AI score0.00326EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.9 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.7AI score0.0047EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.8 views

CVE-2020-36750

The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewwwnggbulkinit function. This makes it possible for unauthenticated attackers to perform bulk image...

4.3CVSS6.5AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:40 a.m.5 views

CVE-2016-20010

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5...

10CVSS7.4AI score0.03701EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/02/19 3:57 a.m.176 views

Exploit for Path Traversal in Pluginab Plugin_A\/B_Image_Optimizer

Nuclei Template for CVE-2025-25163 🚀 Overview This reposi...

9.8CVSS7.3AI score0.01966EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/02/18 12:0 a.m.413 views

WordPress Plugin A/B Image Optimizer 3.3 Arbitrary File Download

WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffers from an arbitrary file download vulnerability. CVE-2025-25163 Plugin A/B Image Optimizer = 3.3 - Authenticated Subscriber+ Arbitrary File Download Description The Plugin A/B Image Optimizer plugin for WordPress is vulnerab...

9.8CVSS7.2AI score0.01966EPSS
Exploits4
0day.today
0day.today
added 2025/02/18 12:0 a.m.248 views

WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability

WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffers from an arbitrary file download vulnerability. CVE-2025-25163 Plugin A/B Image Optimizer = 3.3 - Authenticated Subscriber+ Arbitrary File Download Description The Plugin A/B Image Optimizer plugin for WordPress is vulnerab...

9.8CVSS9.6AI score0.01966EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/09 10:19 a.m.7 views

CVE-2025-25163

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through = 3.3...

9.8CVSS7.2AI score0.01966EPSS
Exploits4References1
Rows per page
Query Builder