← Back

Siteground

siteground

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Siteground Security
siteground_security
2 CVEs
Security Optimizer
security_optimizer
1 CVE
Speed Optimizer
speed_optimizer
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25217
1Siteground
1Speed Optimizer
Dec 23, 2025
Oct 16, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access con...Show more
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.Show less
CVE-2023-0234
1Siteground
1Siteground Security
Mar 25, 2025
Feb 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
CVE-2022-0993
1Siteground
1Siteground Security
Apr 8, 2026
Apr 19, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code impleme...Show more
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.Show less
CVE-2022-0992
1Siteground
1Security Optimizer
Apr 8, 2026
Apr 19, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allo...Show more
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.Show less