Optimole Wp
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5217 | Hig | 0.47 | 7.2 | 0.00 | Apr 11, 2026 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the… | ||
| CVE-2024-4636 | Med | 0.35 | 6.4 | 0.00 | May 15, 2024 | The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output… | ||
| CVE-2026-5226 | Med | 0.33 | 6.1 | 0.01 | Apr 11, 2026 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function,… | ||
| CVE-2025-11519 | Med | 0.28 | 4.3 | 0.00 | Oct 18, 2025 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing… | ||
| CVE-2026-11784 | 0.00 | — | 0.00 | Jun 18, 2026 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace_file… | |||
| CVE-2022-0969 | 0.00 | — | 0.01 | Apr 11, 2022 | The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the… |
- risk 0.47cvss 7.2epss 0.00
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the…
- risk 0.35cvss 6.4epss 0.00
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output…
- risk 0.33cvss 6.1epss 0.01
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function,…
- risk 0.28cvss 4.3epss 0.00
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing…
- CVE-2026-11784Jun 18, 2026risk 0.00cvss —epss 0.00
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace_file…
- CVE-2022-0969Apr 11, 2022risk 0.00cvss —epss 0.01
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the…