CVE-2025-2110

High CVSS: 8.8

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to compromise the site in various ways depending on the specific function exploited - for example, by retrieving sensitive settings and configuration details, or by altering and deleting them, thereby disclosing sensitive information, disrupting the plugin’s functionality, and potentially impacting overall site performance.

Vendor

Wpcompress

Product

Wp Compress

CWE

CWE-862

Yayın Tarihi

2025-03-26 12:15:15

Güncelleme

2025-08-11 18:02:44

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Wp Compress HIGH Wpcompress 2025

Referanslar

https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.15/classes/ajax.class.php https://plugins.trac.wordpress.org/changeset/3254259/ https://wordpress.org/plugins/wp-compress-image-optimizer/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/2bb4ead4-b2ad-42b4-92a0-fb7293f6df06?source=cve

Benzer Kayıtlar

Critical

CVE-2025-47479

Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This iss…

High

CVE-2025-47546

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Requ…

Medium

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request For…

Medium

CVE-2024-12047

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Sc…