38 matches found
CVE-2024-38774 WordPress Security Optimizer plugin <= 1.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteGround Security: from n/a through 1.5.0...
CVE-2024-8964
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-32532 WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteGround Speed Optimizer. This issue affects Speed Optimizer: from n/a through 7.4.6...
CVE-2024-1976
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update t...
Vulnerability in the 10web Image Optimizer plugin for the WordPress content management system that allows attackers to perform cross-site scripting attacks.
The vulnerability in the 10web Image Optimizer plugin for the WordPress content management system is related to a lack of measures protecting the structure of web pages. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions...
CVE-2022-30705
Summary: CVE-2022-30705 affects the WordPress Ping Optimizer plugin by Pankaj Jha, with CSRF in versions <= 2.35.1.2.3. The issue stems from cross-site request forgery handling in the plugin’s admin actions. Impact (as stated): potential CSRF exploitation leading to unauthorized actions within...
CVE-2022-30705 WordPress WordPress Ping Optimizer Plugin <= 2.35.1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions...
K63314101: Multiple MySQL vulnerabilities
Security Advisory Description: CVE-2022-21451: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...
Krisp: SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai
The tenweb-speed-optimizer WordPress plugin prior to version 2.12.22 was vulnerable to unauthenticated SQL injection in /wp-json/tenwebio/v2/compress-one, which could be exploited to gain remote code execution by chaining it with insecure deserialization...
CVE-2022-4119
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
PT-2023-13963 · WordPress · The Image Optimizer
Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN WordPress plugin versions prior to 6.8.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is...
CVE-2022-26375
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin = 1.1.1 on WordPress...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin = 1.1.1 on WordPress...
Malicious code in optimizer-plugin-inc (npm)
Source: ghsa-malware (07b2794871339a2d8424d71ca9e8e0514ee68eda9532a9b9877de950becac68a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5111 Malicious code in optimizer-plugin-inc (npm)
Source: ghsa-malware (07b2794871339a2d8424d71ca9e8e0514ee68eda9532a9b9877de950becac68a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...