11 matches found
CVE-2024-1934
CVE-2024-1934 affects WP Compress – Image Optimizer for WordPress (all versions up to and including 6.11.10). The vulnerability is due to a missing capability check in wps_local_compress::__construct, allowing unauthenticated attackers to modify data by resetting the CDN region and injecting a ma...
CVE-2023-6699
CVE-2023-6699 affects the WP Compress – Image Optimizer [All-In-One] WordPress plugin. All versions up to and including 6.10.33 are vulnerable to directory traversal via the css parameter, allowing unauthenticated attackers to read arbitrary server files. Wordfence and other sources note a patch/...
CVE-2025-2109
CVE-2025-2109: WP Compress – Instant Performance & Speed Optimization (WordPress) is affected up to v6.30.15 by an unauthenticated SSRF via the init() function. Impact: attacker can trigger web requests to internal/external locations from the web app to glean information. CVSSv3.1 base score 5.8 ...
CVE-2025-2110
CVE-2025-2110 is a real vulnerability affecting the WordPress plugin WP Compress – Instant Performance & Speed Optimization, where missing capability checks on AJAX functions exist in versions up to 6.30.15. This allows authenticated users with Subscriber-level access and above to perform unautho...
CVE-2024-32106
CVE-2024-32106 is a CSRF vulnerability in the WordPress plugin WP Compress – Image Optimizer (All-In-One) . Connected documents confirm the issue affects versions up to 6.10.35 . The available sources describe the vulnerability as CSRF with no publicly documented exploit details in the provided m...
CVE-2024-4445
The CVE-2024-4445 entry concerns WP Compress – Image Optimizer (All-In-One) for WordPress. A missing capability check on several functions in versions up to 6.20.01 allows authenticated attackers with subscriber-level permissions and above to modify data, including plugin settings, and store cros...
CVE-2023-6812
CVE-2023-6812 affects WP Compress – Image Optimizer (All-In-One) for WordPress. The vulnerability is an Open Redirect in all versions up to and including 6.20.01, caused by insufficient validation of the redirect URL supplied via the css parameter. This can allow unauthenticated attackers to tric...
CVE-2024-12047
CVE-2024-12047 affects the WP Compress – Instant Performance & Speed Optimization WordPress plugin. A Reflected Cross-Site Scripting flaw exists via the custom_server parameter in versions up to and including 6.30.03 due to insufficient input sanitization and output escaping, enabling unauthentic...
CVE-2025-47546
CVE-2025-47546: CSRF in WordPress WP Compress
CVE-2024-47384
CVE-2024-47384 pertains to WP Compress – Image Optimizer [All-In-One], with a Reflected XSS in input handling affecting versions up to 6.20.13. Public sources indicate the vulnerability is fixed in version 6.21.01. Impact is XSS via reflected input during web page generation; specific exploit vec...
CVE-2025-47479
CVE-2025-47479 describes a broken/broken authentication vulnerability in WordPress WP Compress (WP Compress – Instant Performance & Speed Optimization) affecting versions up to 6.30.30. Exploitation would allow authentication abuse due to weak authentication mechanisms. A fix is available; upgrad...