Shortpixel Adaptive Images
by WordPress
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0334 | Med | 0.40 | 6.1 | 0.01 | Feb 27, 2023 | The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin | ||
| CVE-2025-30853 | Med | 0.35 | 5.4 | 0.00 | Apr 1, 2025 | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.10.0. | ||
| CVE-2024-31230 | Med | 0.34 | 5.3 | 0.00 | Apr 10, 2024 | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | ||
| CVE-2025-6626 | Med | 0.29 | 4.4 | 0.00 | Aug 2, 2025 | The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-35172 | Med | 0.29 | 4.4 | 0.00 | May 14, 2024 | Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3. | ||
| CVE-2024-4689 | Med | 0.28 | 4.3 | 0.00 | May 14, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3. | ||
| CVE-2022-29417 | Med | 0.28 | 4.3 | 0.01 | Apr 25, 2022 | Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. |
- risk 0.40cvss 6.1epss 0.01
The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.10.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2.
- risk 0.29cvss 4.4epss 0.00
The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
- risk 0.28cvss 4.3epss 0.01
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.