Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.5 views

CVE-2026-2712 WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.8AI score0.00427EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 1:24 a.m.9 views

EUVD-2026-21254

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 1:24 a.m.22 views

CVE-2026-2712

The connected document identifies CVE-2026-2712-related risk in WordPress WP-Optimize plugin, specifically versions &lt;= 4.5.0. The vulnerability is described as Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation, meaning an authenticated user with...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-31845

Name of the Vulnerable Software and Affected Versions WP-Optimize plugin for WordPress versions up to and including 4.5.0 Description The WP-Optimize plugin for WordPress has a flaw that allows unauthorized access to functionality. This is due to missing capability checks in the receive heartbeat...

5.4CVSS5.7AI score0.00427EPSS
Exploits0References8
Rows per page
Query Builder