Vulnerabilities and security researches forwp-smushit wp-smushit
Direction: descendingApr 02, 2025
Smush – Optimize, Compress and Lazy Load Images # CVE-2025-22288
- CVE, Research URL
- Date
- -
- Research Description
- Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN [wp-smushit] < 3.17.1 CVE-2025-22288
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 22, 2024
Smush – Optimize, Compress and Lazy Load Images # CVE-2023-3352
- CVE, Research URL
- Date
- Jun 21, 2024
- Research Description
- The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
Smush – Optimize, Compress and Lazy Load Images # CVE-2017-15079
- CVE, Research URL
- Date
- Oct 06, 2017
- Research Description
- The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Smush – Optimize, Compress and Lazy Load Images # CVE-2022-1009
- CVE, Research URL
- Date
- May 30, 2022
- Research Description
- The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file
- Affected versions
-
Min -, max -.
- Status
-
vulnerable