Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High1
Medium3
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-05-07

CVE-2026-7252 - Wp Optimize Plugin

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion function in all versions up to, and including, 4.5.2 This makes it possible for authenticated attackers, with author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is possible because 'original-file' is a public (non-protected) meta key…

PLUGIN Wp Optimize

CVE-2026-7252

HIGH CVSS 8.1 2026-05-07
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-2712 - Wp Optimize Plugin

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly invoking `Updraft_Smush_Manager_Commands` methods without verifying user capabilities, nonce tokens, or the allowed commands whitelist that the normal AJAX handler (`updraft_smush_ajax`) enforces. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke admin-only Smush operations including reading log files (`get_smush_logs`), deleting all backup images (`clean_all_backup_images`), triggering bulk image…

PLUGIN Wp Optimize

CVE-2026-2712

MEDIUM CVSS 5.4 2026-04-10
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2025-3951 - Wp Optimize Plugin

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.

PLUGIN Wp Optimize

CVE-2025-3951

MEDIUM CVSS 4.1 2025-06-02
Open Full Technical Breakdown
Threat Entry Updated 2025-01-06

CVE-2023-1119 - Wp Optimize Plugin

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.

PLUGIN Wp Optimize

CVE-2023-1119

MEDIUM CVSS 6.1 2023-07-10
Open Full Technical Breakdown
Scroll to top