Lucene search
+L

15 matches found

NVD
NVD
added 2026/07/02 7:17 p.m.10 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS0.0067EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 6:32 p.m.7 views

EUVD-2026-41418

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 6:32 p.m.20 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress (up to version 3.6.13) is vulnerable to arbitrary file deletion due to insufficient file path validation in delete_converted_image_size. Authenticated attackers with author-level access can delete arbitrary files on the server ...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/02 6:32 p.m.9 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55284

Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...

8.1CVSS6.3AI score0.0067EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-42560

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.7 views

CVE-2024-47635

Cross-Site Request Forgery CSRF vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through = 3.4.3...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2024/10/05 1:15 p.m.30 views

CVE-2024-47635

Cross-Site Request Forgery CSRF vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through = 3.4.3...

5.4CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/05 1:7 p.m.16 views

CVE-2024-47635 WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in TinyPNG.This issue affects TinyPNG: from n/a through 3.4.3...

5.4CVSS7AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/05 1:7 p.m.44 views

CVE-2024-47635 WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through = 3.4.3...

5.4CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 2024/10/05 1:7 p.m.48 views

CVE-2024-47635

CVE-2024-47635 : A CSRF vulnerability was reported in the WordPress TinyPNG plugin (versions

5.4CVSS5.9AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.6 views

WordPress plugin TinyPNG 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

5.4CVSS6.8AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/05 12:0 a.m.11 views

PT-2024-32693 · Tinypng · Tinypng

Name of the Vulnerable Software and Affected Versions: TinyPNG versions prior to 3.4.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in TinyPNG. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...

5.4CVSS7.1AI score0.00171EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/30 11:44 a.m.7 views

WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin TinyPNG versions = 3.4.3...

5.4CVSS7AI score0.00171EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.25 views

WordPress TinyPNG Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software TinyPNG Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-47635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9470f9a7ceb0 Credits Rafie Muhammad Patchstack...

5.4CVSS6.6AI score0.00171EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder