cvebase

Optimole Optimize Images In Real Time vulnerabilities

5 known vulnerabilities affecting optimole/optimole_optimize_images_in_real_time.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2026-5217 | P3 | HIGH | CVSS 7.2 | ≤ 4.2.2 | 2026-04-11
CWE-79. The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' parameter (srcset descriptor) in the unauthenticated /wp-json
Source: NVD

CVE-2024-4636 | P4 | MEDIUM | CVSS 6.4 | ≤ 3.12.10 | 2024-05-15
CWE-79. The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level pe
Source: NVD

CVE-2024-1047 | P4 | MEDIUM | CVSS 5.3 | ≤ 3.12.4 | 2024-02-02
CWE-862. Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_so
Source: NVD

CVE-2026-5226 | P4 | MEDIUM | CVSS 6.1 | ≤ 4.2.3 | 2026-04-11
CWE-79. The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScri
Source: NVD

CVE-2025-11519 | P4 | MEDIUM | CVSS 4.3 | ≤ 4.1.0 | 2025-10-18
CWE-639. The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user controlled key. This makes it possible for authentica
Source: NVD