5 matches found
CVE-2026-7252
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2025-3951
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...
CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...
CVE-2025-3951
CVE-2025-3951 affects the WP-Optimize WordPress plugin prior to version 4.2.0. The issue is improper escaping of user input when checking image compression statuses, which could enable users with the administrator role in Multi-Site WordPress configurations to perform SQL Injection attacks. Publi...
CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...