4770 matches found
WordPress Bulk images optimizer plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk images optimizer versions <= 2.0.1...
CVE-2024-48043
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3...
CVE-2024-48043 WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3...
CVE-2024-48043 WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3...
CVE-2024-48043
CVE-2024-48043 affects the WordPress plugin ShortPixel Image Optimizer (versions
WordPress Bulk images optimizer Plugin <= 2.0.1 is vulnerable to Broken Access Control
Software: Bulk images optimizer; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9361; Patch priority: Low; CVSS severity: Low (5.4); PSID: 470c4bdcc94d; Credits: Francesco Carlucci; Require...
PT-2024-32962 · Unknown · Shortpixel Image Optimizer
Name of the Vulnerable Software and Affected Versions: ShortPixel Image Optimizer versions n/a through 5.6.3 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, in the ShortPixel Image Optimizer. This vulnerability allows attackers to exploit t...
PT-2024-39595 · WordPress · Bulk Images Optimizer
Name of the Vulnerable Software and Affected Versions: The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to a missing capability check on the save configuration function, allowing...
WordPress plugin ShortPixel Image Optimizer SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2019-25217
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...
CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...
CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...
CVE-2019-25217
The CVE-2019-25217 entry describes an authorization bypass in the SiteGround Optimizer WordPress plugin (versions up to 5.0.12) that allows Remote Code Execution and Local File Inclusion via the /switch-php REST API route. The root cause is an incorrect use of an access control attribute on the s...
WordPress plugin SiteGround Optimizer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-21241
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
AZL-50426 CVE-2024-21230 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
AZL-50402 CVE-2024-21230 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
AZL-50385 CVE-2024-21201 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
AZL-50445 CVE-2024-21201 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
UBUNTU-CVE-2024-21230
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...