The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.002
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to...
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextge...
CVSS: 4.3 | AI Score: 4.4 | EPSS: 0.0004