← Back

Wp Optimize

wp-optimize

Vendor: Updraftplus • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-3951
1Updraftplus
1Wp Optimize
Jun 9, 2025
Jun 2, 2025
N/A· v4
4.1 MEDIUM· v3
N/A· v2
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the con...Show more
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.Show less
CVE-2023-1119
2Srbtranslatin Project
Updraftplus
2Srbtranslatin
Wp Optimize
Jan 6, 2025
Jul 10, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.