cleantalk
Vulnerabilities and Security Researches

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance, CVE-2025-3951

CVE, Research URL

CVE-2025-3951

Home page URL

Security reports for WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Application

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Published on
Jun 02, 2025
Research Description
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
Affected versions
Min -, max 4.2.0.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
Flamingo , Apr 16, 2025
Flamingo (022a9997dfc335fe7d818f90b085eb691dd3ba3c) , Jun 07, 2024
New vulnerability
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider (CVE-2025-4567) , Jun 06, 2025
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2025-4205) , Jun 06, 2025
MaxiBlocks Free Page Builder & Template Library (CVE-2025-47601) , Jun 06, 2025
MetalpriceAPI (CVE-2025-48140) , Jun 05, 2025
Broken Link Checker (CVE-2025-4047) , Jun 05, 2025