PT-2026-6032 · WordPress · Shortpixel Image Optimizer

0N0Ise +1 · Published 2026-02-05 · Updated 2026-02-05 · CVE-2026-1246

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
ShortPixel Image Optimizer plugin for WordPress versions prior to 6.4.3

Description
The ShortPixel Image Optimizer plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. This issue stems from inadequate validation and sanitization of the loadFile parameter within the 'loadLogFile' AJAX action. Authenticated attackers possessing Editor-level access or higher can exploit this to read arbitrary files on the server, potentially exposing sensitive data like database credentials and authentication keys.

Recommendations
Update to version 6.4.3 or later.
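
A containment check of the kind the description says was missing, as an added PHP example. It is not ShortPixel's code or the 6.4.3 patch; `resolve_log_path`, the `.log` allow-list and the demo file names are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not the plugin's code): resolve a user-supplied log
// file name and refuse anything that does not end up inside $logDir.
function resolve_log_path(string $logDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Allow-list: a plain file name ending in .log, no separators of any kind.
    if (!preg_match('/\A[A-Za-z0-9._-]+\.log\z/', $requested)) {
        return null;
    }
    $base = realpath($logDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks; false means the file is absent.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/logs-old" cannot pass as being inside "/logs".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo tree: one legitimate log, one file outside the log
// directory, and a symlink inside the log directory that points outside it.
$root = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/logs', 0700, true);
file_put_contents($root . '/logs/optimizer.log', "constructed log line\n");
file_put_contents($root . '/settings.php', "constructed secret\n");
@symlink($root . '/settings.php', $root . '/logs/link.log');

$inputs = ['optimizer.log', '../settings.php', $root . '/settings.php',
           'link.log', 'missing.log'];
foreach ($inputs as $input) {
    $resolved = resolve_log_path($root . '/logs', $input);
    printf("%-50s => %s\n", $input, $resolved === null ? 'rejected' : 'allowed');
}
```

Only `optimizer.log` is allowed: the relative and absolute paths fail the name allow-list, the symlink fails the containment comparison after `realpath()`, and the missing file fails resolution.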

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2026-1246

Affected products

Shortpixel Image Optimizer