All 3 CVE vulnerabilities found in ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF, with AI-generated Chinese analysis, references, and POCs.
Vendor: shortpixel
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4335 | ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title CWE-79 | 5.4 | Medium | 2026-03-26 |
| CVE-2026-1246 | ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter CWE-22 | 4.9 | Medium | 2026-02-05 |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export CWE-862 | 5.4 | Medium | 2025-10-18 |
All 3 known CVE vulnerabilities affecting ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF with full Chinese analysis, references, and POCs where available.