cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-optimize wp-optimize

Direction: ascending
Jun 07, 2024

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance # CVE-2023-1119

CVE, Research URL

CVE-2023-1119

Home page URL

Security reports for WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Application

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Date
Jul 10, 2023
Research Description
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.
Affected versions
Min -, max -.
Status
vulnerable

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance # 26830aedbc88ad9227f2593255d49db672b6b093

CVE, Research URL

26830aedbc88ad9227f2593255d49db672b6b093

Home page URL

Security reports for WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Application

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Date
Feb 06, 2023
Research Description
WP-Optimize – Cache, Compress images, Minify &amp; Clean database to boost page speed &amp; performance [wp-optimize] < 3.2.12 WP-Optimize <= 3.2.11 - Cross-Site Request Forgery The WP-Optimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on the 'is_valid_request' function. This makes it possible for unauthenticated attackers to manage and modify cache and minification settings and dismiss notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Jun 04, 2025

WP-Optimize – Cache, Compress images, Minify &amp; Clean database to boost page speed &amp; performance # CVE-2025-3951

CVE, Research URL

CVE-2025-3951

Home page URL

Security reports for WP-Optimize – Cache, Compress images, Minify &amp; Clean database to boost page speed &amp; performance

Application

WP-Optimize – Cache, Compress images, Minify &amp; Clean database to boost page speed &amp; performance

Date
Jun 02, 2025
Research Description
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
Affected versions
Min -, max -.
Status
vulnerable