MAL-2025-28367 Malicious code in optimize-css-assets-webpack-plugin-quantum-supervisor-oscillation (npm)

The package optimize-css-assets-webpack-plugin-quantum-supervisor-oscillation was found to contain malicious code...

WordPress WP Optimize By xTraffic Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...

CVE-2025-28970

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970

CVE-2025-28970: PHP Object Injection via deserialization in WP Optimize By xTraffic (WordPress plugin). Affected: WP Optimize By xTraffic versions up to and including 5.1.6. Status: Unpatched in the public CVE references. Root cause: Deserialization of untrusted data leading to object injection. ...

WordPress plugin WP Optimize By xTraffic 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...

CVE-2025-48145

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This issue affects Track, Analyze & Optimize by WP Tao: from n/a through = 1.3...

CVE-2025-48145

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This issue affects Track, Analyze & Optimize by WP Tao: from n/a through = 1.3...

WordPress plugin Track, Analyze & Optimize by WP Tao 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2025-3951

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...

CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...

CVE-2025-3951

CVE-2025-3951 affects the WP-Optimize WordPress plugin prior to version 4.2.0. The issue is improper escaping of user input when checking image compression statuses, which could enable users with the administrator role in Multi-Site WordPress configurations to perform SQL Injection attacks. Publi...

CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...

WordPress plugin WP-Optimize 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-23469 · WordPress · Wp-Optimize

Name of the Vulnerable Software and Affected Versions: WP-Optimize versions prior to 4.2.0 Description: The issue arises from improper escaping of user input when checking image compression statuses. This could allow users with the administrator role to conduct SQL Injection attacks, particularly...

CVE-2024-30541

Cross-Site Request Forgery CSRF vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1...

CVE-2024-30481

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0...

CVE-2024-34808

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0...