CVE-2024-12047

Medium CVSS: 6.1

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Vendor

Wpcompress

Product

Wp Compress

CWE

CWE-79

Yayın Tarihi

2025-01-04 08:15:06

Güncelleme

2025-08-11 17:24:17

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Wp Compress MEDIUM Wpcompress 2025

Referanslar

https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.00/addons/cdn/cdn-rewrite.php#L459 https://plugins.trac.wordpress.org/changeset/3213738/ https://wordpress.org/plugins/wp-compress-image-optimizer/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/09c04863-a454-4f05-9403-aff39dbccd43?source=cve

Benzer Kayıtlar

Critical

CVE-2025-47479

Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This iss…

High

CVE-2025-47546

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Requ…

High

CVE-2025-2110

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, mo…

Medium

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request For…