| CVE-2026-5217 | Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter | optimole | Optimole – Optimize Images in Real Time | High | 7.2 | 2026-04-11 01:24:59 | Deep Dive |
| CVE-2026-5226 | Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL | optimole | Optimole – Optimize Images in Real Time | Medium | 6.1 | 2026-04-11 01:24:58 | Deep Dive |
| CVE-2026-2712 | WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation | davidanderson | WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | Medium | 5.4 | 2026-04-10 01:24:58 | Deep Dive |
| CVE-2026-4335 | ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title | shortpixel | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | Medium | 5.4 | 2026-03-26 02:25:20 | Deep Dive |
| CVE-2025-67624 | WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability | Arya Dhiratara | Optimize More! – Images | Medium | 6.5 | 2026-02-20 15:46:28 | Deep Dive |
| CVE-2026-1356 | Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src | mateuszgbiorczyk | Converter for Media – Optimize images | Convert WebP & AVIF | Medium | 4.8 | 2026-02-12 09:25:49 | Deep Dive |
| CVE-2026-1246 | ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter | shortpixel | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | Medium | 4.9 | 2026-02-05 06:47:41 | Deep Dive |
| CVE-2025-67935 | WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability | Mikado-Themes | Optimize | 中危 | - | 2026-01-08 09:17:50 | Deep Dive |
| CVE-2025-66104 | WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulnerability | Anton Vanyukov | Offload, AI & Optimize with Cloudflare Images | Medium | 6.5 | 2025-12-18 07:22:19 | Deep Dive |
| CVE-2025-13750 | Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint | mateuszgbiorczyk | Converter for Media – Optimize images | Convert WebP & AVIF | Medium | 4.3 | 2025-12-17 06:37:00 | Deep Dive |
| CVE-2025-13408 | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection | foxtheme | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images | Medium | 4.3 | 2025-12-12 03:20:44 | Deep Dive |
| CVE-2025-11927 | Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting | gijo | Flying Images: Optimize and Lazy Load Images for Faster Page Speed | Medium | 4.4 | 2025-11-01 04:27:43 | Deep Dive |
| CVE-2025-11519 | Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload | optimole | Optimole – Optimize Images in Real Time | Medium | 4.3 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export | shortpixel | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | Medium | 5.4 | 2025-10-18 03:33:23 | Deep Dive |
| CVE-2025-9945 | Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset | aryadhiratara | Optimize More! – CSS | Medium | 4.3 | 2025-10-03 11:17:14 | Deep Dive |
| CVE-2025-8723 | Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook | mecanik | Cloudflare Image Resizing – Optimize & Accelerate Your Images | Critical | 9.8 | 2025-08-19 07:26:26 | Deep Dive |
| CVE-2025-28970 | WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability | pep.vn | WP Optimize By xTraffic | Critical | 9.8 | 2025-06-27 11:52:42 | Deep Dive |
| CVE-2025-48145 | WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability | Michal Jaworski | Track, Analyze & Optimize by WP Tao | High | 7.1 | 2025-06-17 15:01:32 | Deep Dive |
| CVE-2025-3951 | WP-Optimize < 4.2.0 - Admin+ SQLi | Unknown | WP-Optimize | - | - | 2025-06-02 06:00:19 | Deep Dive |
| CVE-2025-3739 | Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040 | Drupal | Drupal 8 Google Optimize Hide Page | - | - | 2025-04-16 16:32:44 | Deep Dive |