CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35172 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35172
10 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. Vulnerabilidad de Server Side Request Forgery (SSRF) en ShortPixel ShortPixel Adaptive Images. Este problema afecta a ShortPixel Adaptive Images: desde n/a hasta 3.8.3. The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4689 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-4689
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ShortPixel ShortPixel Adaptive Images. Este problema afecta a ShortPixel Adaptive Images: desde n/a hasta 3.8.3. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce v... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31230 – WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31230
02 Apr 2024 — Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality. • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32512 – WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32512
08 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization en versiones <= 3.7.1. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validati... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-webp-avif-cdn-image-optimization-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0334 – ShortPixel Adaptive Images < 3.6.3 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0334
02 Feb 2023 — The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a debugging parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... • https://wpscan.com/vulnerability/b027a8db-0fd6-444d-b14a-0ae58f04f931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29417 – WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability
https://notcve.org/view.php?id=CVE-2022-29417
25 Apr 2022 — Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. Una vulnerabilidad en la actualización de la configuración del plugin ShortPixel Adaptive Images versiones anteriores a 3.3.1 incluyéndola en WordPress, permite a un atacante con un rol de usuario bajo, como un suscriptor o superior, cambiar la configuración del plugin • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-3-1-subscriber-plugin-settings-update-vulnerability • CWE-284: Improper Access Control •