Browse all 4 CVE security advisories affecting wpo-hr. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPO-HR is a WordPress plugin designed to optimize website performance through caching and optimization features. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's complex functionality and extensive permissions have made it a target for attackers. Four CVEs have been recorded, highlighting persistent security concerns. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests potential for significant compromise if exploited. Organizations using this plugin should maintain strict access controls and promptly apply security updates to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58027 | WordPress NGG Smart Image Search Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability — NGG Smart Image SearchCWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-52832 | WordPress NGG Smart Image Search plugin <= 3.4.1 - SQL Injection Vulnerability — NGG Smart Image SearchCWE-89 | 9.3 | Critical | 2025-07-04 |
| CVE-2025-47503 | WordPress NGG Smart Image Search plugin <= 3.3.3 - Cross Site Scripting (XSS) Vulnerability — NGG Smart Image SearchCWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2024-13658 | NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — NGG Smart Image SearchCWE-79 | 6.4 | Medium | 2025-02-12 |
This page lists every published CVE security advisory associated with wpo-hr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.