cleantalk
Vulnerabilities and Security Researches

Smush – Optimize, Compress and Lazy Load Images, CVE-2023-3352

CVE, Research URL

CVE-2023-3352

Home page URL

Security reports for Smush – Optimize, Compress and Lazy Load Images

Application

Smush – Optimize, Compress and Lazy Load Images

Published on
Jun 21, 2024
Research Description
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.
Affected versions
Min -, max 3.16.5.
Status
vulnerable
Previous vulnerability researches
Smush – Optimize, Compress and Lazy Load Images (CVE-2023-3352) , Jun 22, 2024
Smush – Optimize, Compress and Lazy Load Images (CVE-2025-22288) , Apr 02, 2025
Smush – Optimize, Compress and Lazy Load Images (CVE-2017-15079) , Jun 07, 2024
Smush – Optimize, Compress and Lazy Load Images (CVE-2022-1009) , Jun 07, 2024
New vulnerability
MediaView (CVE-2025-31898) , Apr 05, 2025
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Widget Manager Light (CVE-2025-31768) , Apr 05, 2025
Residential Address Detection (CVE-2025-30916) , Apr 05, 2025
SWM – Shopify to WooCommerce Migration (CVE-2025-31795) , Apr 05, 2025