VYPR

Image Optimizer

by WordPress

CVEs (4)

  • CVE-2026-4335MedMar 26, 2026
    risk 0.35cvss 5.4epss 0.00

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup() function and its corresponding…

  • CVE-2026-1319MedFeb 5, 2026
    risk 0.35cvss 6.4epss 0.00

    The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input…

  • CVE-2026-1246MedFeb 5, 2026
    risk 0.32cvss 4.9epss 0.01

    The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes…

  • CVE-2025-11378MedOct 18, 2025
    risk 0.28cvss 5.4epss 0.00

    The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes…