cleantalk
Vulnerabilities and Security Researches

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF, CVE-2025-11378

CVE, Research URL

CVE-2025-11378

Home page URL

Security reports for ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

Application

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

Published on
Oct 18, 2025
Research Description
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options.
Affected versions
max 6.3.5.
Status
vulnerable
Previous vulnerability researches
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (c6d0d7d00104f4d04df374d0a0b63506e6950cb3) , Jun 07, 2024
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2026-1246) , Apr 15, 2026
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2025-11378) , Dec 10, 2025
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2024-48043) , Oct 16, 2024
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2024-48044) , Oct 16, 2024
New vulnerability
Livemesh Addons for Beaver Builder (CVE-2026-2029) , Apr 15, 2026
LearnPress Export Import – WordPress extension for LearnPress (CVE-2026-1787) , Apr 15, 2026
Simple calendar for Elementor (CVE-2026-1310) , Apr 15, 2026
JS Help Desk – Best Help Desk & Support Plugin (CVE-2023-7337) , Apr 15, 2026
WP Duplicate – WordPress Migration Plugin (CVE-2026-1499) , Apr 15, 2026