9.8
CVE-2025-47479
- EPSS 0.34%
- Veröffentlicht 04.07.2025 11:18:05
- Zuletzt bearbeitet 23.04.2026 15:30:18
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability
WP Compress <= 6.30.30 - Unauthenticated Broken Authentication
Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.
Mögliche Gegenmaßnahme
WP Compress – Instant Performance & Speed Optimization: Update to version 6.30.31, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpcompress ≫ Wp Compress SwPlatformwordpress Version < 6.30.31
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Compress – Instant Performance & Speed Optimization
Version
*-6.30.30
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.255 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
https://patchstack.com/database/Wordpress/Plugin/wp-compress-image-optimizer/vulnerability/wordpress-wp-compress-6-30-30-broken-authentication-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/facb9fd5-86e7-4dc1-affc-eae7aeae5631