cleantalk
Vulnerabilities and Security Researches

WP Compress – Image Optimizer [All-In-One], CVE-2024-4445

CVE, Research URL

CVE-2024-4445

Home page URL

Security reports for WP Compress – Image Optimizer [All-In-One]

Application

WP Compress – Image Optimizer [All-In-One]

Published on
May 14, 2024
Research Description
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments.
Affected versions
Min -, max 6.20.02.
Status
vulnerable
Previous vulnerability researches
WP Compress – Image Optimizer [All-In-One] (CVE-2024-47384) , Oct 03, 2024
WP Compress – Image Optimizer [All-In-One] (CVE-2024-12047) , Jan 05, 2025
WP Compress – Image Optimizer [All-In-One] (CVE-2025-47546) , May 09, 2025
WP Compress – Image Optimizer [All-In-One] (CVE-2025-2110) , Mar 27, 2025
WP Compress – Image Optimizer [All-In-One] (CVE-2025-2109) , Mar 26, 2025
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025