CVE-2024-48043 – WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48043
13 Oct 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. The ShortPixel Image Optimizer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.6.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for au... • https://patchstack.com/database/vulnerability/shortpixel-image-optimiser/wordpress-shortpixel-image-optimizer-plugin-5-6-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-48044 – WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-48044
13 Oct 2024 — Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. The ShortPixel Image Optimizer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several actions in class/Controller/AjaxController.php in versions up to, and including, 5.6.3. This makes it possible for authe... • https://patchstack.com/database/vulnerability/shortpixel-image-optimiser/wordpress-shortpixel-image-optimizer-plugin-5-6-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-35172 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35172
10 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-4689 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-4689
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce v... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-32810 – WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32810
22 Apr 2024 — Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS. This issue affects ShortPixel Critical CSS: from n/a through 1.0.2. The ShortPixel Critical CSS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.0.2. This makes it possible for aut... • https://patchstack.com/database/vulnerability/shortpixel-critical-css/wordpress-shortpixel-critical-css-plugin-1-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-31230 – WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31230
02 Apr 2024 — Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality. • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-6737 – Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6737
18 Dec 2023 — The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachm... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4643 – Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-4643
14 Sep 2023 — The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog. ... • https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-32512 – WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32512
08 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validati... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-webp-avif-cdn-image-optimization-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-0334 – ShortPixel Adaptive Images < 3.6.3 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0334
02 Feb 2023 — The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a debugging parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... • https://wpscan.com/vulnerability/b027a8db-0fd6-444d-b14a-0ae58f04f931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •