Vulnerabilities in shortpixel

20 results

CVE-2022-29417MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerabilityEPSS 0.6%CVE-2026-1246MEDIUMShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' ParameterEPSS 0.5%CVE-2023-6737MEDIUMEnable Media Replace <= 4.1.4 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2026-39471HIGHWordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-48043HIGHWordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerabilityEPSS 0.4%CVE-2024-32810HIGHWordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-30853MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2024-31230MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-48044MEDIUMWordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-31081HIGHWordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-35172MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.4%CVE-2024-5945MEDIUMWP SVG Images <= 4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVGEPSS 0.3%CVE-2023-32512MEDIUMWordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-11378MEDIUMShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/ExportEPSS 0.3%CVE-2024-4689MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2026-2732MEDIUMEnable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background ReplaceEPSS 0.2%CVE-2025-6626MEDIUMShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URLEPSS 0.2%CVE-2025-9496MEDIUMEnable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified ShortcodeEPSS 0.2%CVE-2026-5714MEDIUMEnable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' ParameterEPSS 0.2%CVE-2026-4335MEDIUMShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment TitleEPSS 0.2%