CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35172 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35172
10 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. Vulnerabilidad de Server Side Request Forgery (SSRF) en ShortPixel ShortPixel Adaptive Images. Este problema afecta a ShortPixel Adaptive Images: desde n/a hasta 3.8.3. The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4689 – WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-4689
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ShortPixel ShortPixel Adaptive Images. Este problema afecta a ShortPixel Adaptive Images: desde n/a hasta 3.8.3. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce v... • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31230 – WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31230
02 Apr 2024 — Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality. • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •