CVE-2025-2109

Medium CVSS: 5.8

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.

Vendor

Wpcompress

Product

Wp Compress

CWE

CWE-918

Yayın Tarihi

2025-03-25 11:15:36

Güncelleme

2025-08-11 18:03:48

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Wp Compress MEDIUM Wpcompress 2025

Referanslar

https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.15/wp-compress-core.php#L994 https://plugins.trac.wordpress.org/changeset/3254259/ https://wordpress.org/plugins/wp-compress-image-optimizer/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/10b9d703-de9d-472a-bdfb-bc9a41bf375e?source=cve

Benzer Kayıtlar

Critical

CVE-2025-47479

Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This iss…

High

CVE-2025-47546

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Requ…

High

CVE-2025-2110

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, mo…

Medium

CVE-2024-12047

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Sc…