VYPR

Optimole Wp

by WordPress

CVEs (6)

  • CVE-2026-5217 | High | Apr 11, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the…

  • CVE-2024-4636 | Medium | May 15, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output…

  • CVE-2026-5226 | Medium | Apr 11, 2026
    risk 0.33 | cvss 6.1 | epss 0.01

    The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function,…

  • CVE-2025-11519 | Medium | Oct 18, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing…

  • CVE-2026-11784 | Jun 18, 2026
    risk 0.00 | cvss | epss 0.00

    The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace_file…

  • CVE-2022-0969 | Apr 11, 2022
    risk 0.00 | cvss | epss 0.01

    The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the…