cleantalk
Vulnerabilities and Security Researches

Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF, CVE-2024-4636

CVE, Research URL

CVE-2024-4636

Home page URL

Security reports for Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF

Application

Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF

Published on
May 15, 2024
Research Description
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.13.0.
Status
vulnerable
Previous vulnerability researches
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF (CVE-2024-4636) , Jun 07, 2024
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF (CVE-2022-0969) , Jun 07, 2024
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF (CVE-2025-11519) , Dec 10, 2025
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF (CVE-2026-5217) , Apr 14, 2026
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF (CVE-2026-5226) , Apr 14, 2026
New vulnerability
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026