WordPress Community Forum
WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 15, 2022, 10:12 AM
WordPress ShortPixel Image Optimizer plugin <= 4.22.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Plugin name: ShortPixel Image Optimizer
Vulnerable versions: <= 4.22.9
Fixed in: 4.22.10
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14
Vulnerability Details
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress ShortPixel Image Optimizer plugin (versions <= 4.22.9).
Solution
Update the WordPress ShortPixel Image Optimizer plugin to the latest available version (at least 4.22.10).
Plugin Link: https://wordpress.org/plugins/shortpixel-image-optimiser/