Browse all 4 CVE security advisories affecting WP Compress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Compress is a WordPress optimization plugin designed to improve website performance through image compression and caching. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting issues, and privilege escalation flaws. The plugin has accumulated four CVE records, primarily stemming from insufficient input validation and improper access controls. Security researchers have identified that misconfigurations in its file handling mechanisms often lead to unauthorized access and code execution. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, emphasizing the need for regular updates and proper hardening of WordPress environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64639 | WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability — WP Compress for MainWPCWE-862 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-30932 | WordPress WP Compress for MainWP plugin <= 6.30.32 - Broken Access Control Vulnerability — WP Compress for MainWPCWE-862 | 5.4 | Medium | 2025-06-06 |
| CVE-2025-31076 | WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability — WP Compress for MainWPCWE-918 | 4.9 | Medium | 2025-03-28 |
| CVE-2024-32106 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability — WP Compress – Image Optimizer [All-In-One]CWE-352 | 4.3 | Medium | 2024-04-11 |
This page lists every published CVE security advisory associated with WP Compress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.