Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1246 | 2 Shortpixel, Wordpress | 2 Image Optimizer, Wordpress | 2026-02-06 | 4.9 Medium |
| The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for authenticated attackers, with Editor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys. | ||||
| CVE-2025-11378 | 2 Shortpixel, Wordpress | 3 Image Optimizer, Shortpixel Image Optimizer, Wordpress | 2025-10-21 | 5.4 Medium |
| The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options. | ||||
| CVE-2024-48044 | 1 Shortpixel | 1 Image Optimizer | 2024-11-19 | 5.4 Medium |
| Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | ||||
Page 1 of 1.