Lucene search
K
WpcompressWp Compress

11 matches found

CVE
CVE
added 2024/04/09 6:59 p.m.83 views

CVE-2024-1934

CVE-2024-1934 affects WP Compress – Image Optimizer for WordPress (all versions up to and including 6.11.10). The vulnerability is due to a missing capability check in wps_local_compress::__construct, allowing unauthenticated attackers to modify data by resetting the CDN region and injecting a ma...

7.5CVSS9.1AI score0.00718EPSS
CVE
CVE
added 2024/01/11 6:49 a.m.67 views

CVE-2023-6699

CVE-2023-6699 affects the WP Compress – Image Optimizer [All-In-One] WordPress plugin. All versions up to and including 6.10.33 are vulnerable to directory traversal via the css parameter, allowing unauthenticated attackers to read arbitrary server files. Wordfence and other sources note a patch/...

9.1CVSS7.4AI score0.0087EPSS
CVE
CVE
added 2025/03/25 11:12 a.m.67 views

CVE-2025-2109

CVE-2025-2109: WP Compress – Instant Performance & Speed Optimization (WordPress) is affected up to v6.30.15 by an unauthenticated SSRF via the init() function. Impact: attacker can trigger web requests to internal/external locations from the web app to glean information. CVSSv3.1 base score 5.8 ...

5.8CVSS7AI score0.0037EPSS
CVE
CVE
added 2025/03/26 11:22 a.m.66 views

CVE-2025-2110

CVE-2025-2110 is a real vulnerability affecting the WordPress plugin WP Compress – Instant Performance & Speed Optimization, where missing capability checks on AJAX functions exist in versions up to 6.30.15. This allows authenticated users with Subscriber-level access and above to perform unautho...

8.8CVSS6.6AI score0.00426EPSS
CVE
CVE
added 2024/04/11 1:0 p.m.61 views

CVE-2024-32106

CVE-2024-32106 is a CSRF vulnerability in the WordPress plugin WP Compress – Image Optimizer (All-In-One) . Connected documents confirm the issue affects versions up to 6.10.35 . The available sources describe the vulnerability as CSRF with no publicly documented exploit details in the provided m...

8.8CVSS5.1AI score0.00227EPSS
CVE
CVE
added 2024/05/14 5:32 a.m.54 views

CVE-2024-4445

The CVE-2024-4445 entry concerns WP Compress – Image Optimizer (All-In-One) for WordPress. A missing capability check on several functions in versions up to 6.20.01 allows authenticated attackers with subscriber-level permissions and above to modify data, including plugin settings, and store cros...

6.5CVSS6.2AI score0.00343EPSS
CVE
CVE
added 2024/05/14 2:1 a.m.51 views

CVE-2023-6812

CVE-2023-6812 affects WP Compress – Image Optimizer (All-In-One) for WordPress. The vulnerability is an Open Redirect in all versions up to and including 6.20.01, caused by insufficient validation of the redirect URL supplied via the css parameter. This can allow unauthenticated attackers to tric...

6.1CVSS6.6AI score0.00437EPSS
CVE
CVE
added 2025/01/04 7:24 a.m.51 views

CVE-2024-12047

CVE-2024-12047 affects the WP Compress – Instant Performance & Speed Optimization WordPress plugin. A Reflected Cross-Site Scripting flaw exists via the custom_server parameter in versions up to and including 6.30.03 due to insufficient input sanitization and output escaping, enabling unauthentic...

6.1CVSS6AI score0.0035EPSS
CVE
CVE
added 2025/05/07 2:20 p.m.50 views

CVE-2025-47546

CVE-2025-47546: CSRF in WordPress WP Compress

8.8CVSS7.2AI score0.00143EPSS
CVE
CVE
added 2024/10/05 2:53 p.m.43 views

CVE-2024-47384

CVE-2024-47384 pertains to WP Compress – Image Optimizer [All-In-One], with a Reflected XSS in input handling affecting versions up to 6.20.13. Public sources indicate the vulnerability is fixed in version 6.21.01. Impact is XSS via reflected input during web page generation; specific exploit vec...

7.1CVSS5.9AI score0.00267EPSS
CVE
CVE
added 2025/07/04 11:18 a.m.23 views

CVE-2025-47479

CVE-2025-47479 describes a broken/broken authentication vulnerability in WordPress WP Compress (WP Compress – Instant Performance & Speed Optimization) affecting versions up to 6.30.30. Exploitation would allow authentication abuse due to weak authentication mechanisms. A fix is available; upgrad...

9.8CVSS5.9AI score0.00339EPSS