| CVE-2025-14437 | Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File | wpmudev | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals \| Critical CSS \| Minify CSS \| Defer CSS Javascript \| CDN | High | 7.5 | 2025-12-18 12:22:27 | Deep Dive |
| CVE-2025-11519 | Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload | optimole | Optimole – Optimize Images in Real Time | Medium | 4.3 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-8778 | NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | Medium | 4.3 | 2025-09-10 06:38:47 | Deep Dive |
| CVE-2025-6626 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URL | shortpixel | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | Medium | 4.4 | 2025-08-02 07:24:21 | Deep Dive |
| CVE-2025-7443 | BerqWP <= 2.2.42 - Unauthenticated Arbitrary File Upload | berqwp | BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | High | 8.1 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-48153 | WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability | Atakan Au | Import CDN-Remote Images | High | 7.1 | 2025-07-16 10:36:58 | Deep Dive |
| CVE-2025-46233 | WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability | Sirv CDN and Image Hosting | Sirv | Medium | 6.5 | 2025-04-22 09:53:24 | Deep Dive |
| CVE-2025-23696 | WordPress Staging CDN plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | Ronan Mockett | Staging CDN | High | 7.1 | 2025-01-22 14:29:20 | Deep Dive |
| CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | Medium | 4.3 | 2025-01-15 11:29:53 | Deep Dive |
| CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | High | 8.1 | 2025-01-15 11:24:36 | Deep Dive |
| CVE-2024-10855 | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion | sirv | Image Optimizer, Resizer and CDN – Sirv | High | 8.1 | 2024-11-20 06:42:57 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8964 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | Medium | 6.4 | 2024-10-08 07:32:28 | Deep Dive |
| CVE-2024-9344 | BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting | berqwp | BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | Medium | 6.1 | 2024-10-02 08:31:50 | Deep Dive |
| CVE-2024-8480 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | High | 8.8 | 2024-09-06 03:30:40 | Deep Dive |
| CVE-2024-6392 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update | sirv | Image Optimizer, Resizer and CDN – Sirv | Medium | 5.4 | 2024-07-11 21:31:34 | Deep Dive |
| CVE-2023-3352 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion | wpmudev | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | Medium | 4.3 | 2024-06-21 02:05:44 | Deep Dive |
| CVE-2024-5853 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | Critical | 9.9 | 2024-06-19 05:37:45 | Deep Dive |
| CVE-2024-5241 | Huashi Private Cloud CDN Live Streaming Acceleration Server ipconfig_new.php os command injection | Huashi | Private Cloud CDN Live Streaming Acceleration Server | Medium | 4.7 | 2024-05-23 07:00:05 | Deep Dive |
| CVE-2024-32959 | WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability | Sirv CDN and Image Hosting | Sirv | High | 8.8 | 2024-05-17 09:40:23 | Deep Dive |