CVE-2026-1246
- EPSS 0.17%
- Veröffentlicht 05.02.2026 06:47:41
- Zuletzt bearbeitet 05.02.2026 14:57:20
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFi...
CVE-2025-11378
- EPSS 0.05%
- Veröffentlicht 18.10.2025 03:33:23
- Zuletzt bearbeitet 21.10.2025 19:31:25
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and inc...
CVE-2024-48044
- EPSS 0.24%
- Veröffentlicht 01.11.2024 15:15:56
- Zuletzt bearbeitet 13.11.2024 01:20:35
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through...
CVE-2024-48043
- EPSS 0.27%
- Veröffentlicht 17.10.2024 12:15:02
- Zuletzt bearbeitet 18.10.2024 12:52:33
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.