shortpixel — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting shortpixel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ShortPixel is an image optimization service that compresses and delivers web images to improve website performance. Historically, the platform has been vulnerable to multiple security issues including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These flaws have allowed attackers to execute arbitrary code, manipulate web content, or gain unauthorized access to systems. The service has accumulated 18 CVEs, indicating a pattern of security concerns that have required patches and updates. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities suggests ongoing challenges in maintaining secure image processing and delivery infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4335 | ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | CWE-79 | 5.4 | Medium | 2026-03-26 |
| CVE-2026-2732 | Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace | Enable Media Replace | CWE-862 | 5.4 | Medium | 2026-03-04 |
| CVE-2026-1246 | ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | CWE-22 | 4.9 | Medium | 2026-02-05 |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | CWE-862 | 5.4 | Medium | 2025-10-18 |
| CVE-2025-9496 | Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode | Enable Media Replace | CWE-79 | 6.4 | Medium | 2025-10-11 |
| CVE-2025-6626 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URL | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | CWE-79 | 4.4 | Medium | 2025-08-02 |
| CVE-2025-31081 | WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | Enable Media Replace | CWE-79 | 7.1 | High | 2025-04-01 |
| CVE-2025-30853 | WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability | ShortPixel Adaptive Images | CWE-862 | 5.4 | Medium | 2025-04-01 |
| CVE-2024-48044 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability | ShortPixel Image Optimizer | CWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-48043 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability | ShortPixel Image Optimizer | CWE-89 | 7.6 | High | 2024-10-17 |
| CVE-2024-5945 | WP SVG Images <= 4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | WP SVG Images | CWE-79 | 6.4 | Medium | 2024-06-21 |
| CVE-2024-35172 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability | ShortPixel Adaptive Images | CWE-918 | 4.4 | Medium | 2024-05-13 |
| CVE-2024-4689 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability | ShortPixel Adaptive Images | CWE-352 | 4.3 | Medium | 2024-05-10 |
| CVE-2024-32810 | WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability | ShortPixel Critical CSS | CWE-862 | 7.6 | High | 2024-05-03 |
| CVE-2024-31230 | WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability | ShortPixel Adaptive Images | CWE-862 | 5.3 | Medium | 2024-04-10 |
| CVE-2023-6737 | Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting | Enable Media Replace | CWE-79 | 4.7 | Medium | 2024-01-11 |
| CVE-2023-32512 | WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF) | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | CWE-352 | 4.3 | Medium | 2023-11-09 |
| CVE-2022-29417 | WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability | ShortPixel Adaptive Images (WordPress plugin) | CWE-284 | 4.3 | Medium | 2022-04-25 |

This page lists every published CVE security advisory associated with shortpixel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.