WordPress · ShortPixel Image Optimizer · CVE-2026-1246
**Name of the Vulnerable Software and Affected Versions**
ShortPixel Image Optimizer plugin for WordPress versions prior to 6.4.3
**Description**
The ShortPixel Image Optimizer plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. The issue stems from inadequate validation and sanitization of the `loadFile` parameter in the `loadLogFile` AJAX action. Authenticated attackers with Editor-level access or higher can exploit it to read arbitrary files on the server, potentially exposing sensitive data such as database credentials and authentication keys.
**Recommendations**
Update to version 6.4.3 or later.
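
The Description attributes the flaw to missing validation of a user-supplied file name. The following PHP is an added example, not ShortPixel's code or the 6.4.3 patch, showing a containment check for such a parameter. The function name `resolve_log_file`, the `.log` naming rule, and the directory layout and sample inputs are constructed assumptions.

```php
<?php
// Added example: hypothetical helper, not the plugin's code.
// Returns the real path of a log file inside $logDir, or null if the name is unsafe.
function resolve_log_file(string $logDir, string $requested): ?string
{
    // Allow-list: a bare file name ending in .log (assumed naming rule).
    // This rejects separators, NUL bytes, empty input and absolute paths.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\.log\z/', $requested)) {
        return null;
    }
    $base = realpath($logDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and "..", so the check below sees the final location.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment: the resolved file must still sit under the log directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo layout: one log file inside the directory, one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'log_demo_' . uniqid();
mkdir($root . '/logs', 0700, true);
file_put_contents($root . '/logs/optimizer.log', "constructed log line\n");
file_put_contents($root . '/outside.txt', "constructed data outside the log directory\n");
// A symlink with an allowed name that points outside the directory (may fail on some systems).
@symlink($root . '/outside.txt', $root . '/logs/link.log');

// Constructed inputs: only the first one should be served.
$samples = ['optimizer.log', '../outside.txt', '/etc/hostname',
            'optimizer.log/../../outside.txt', "optimizer.log\0.txt", 'link.log'];
foreach ($samples as $name) {
    $path = resolve_log_file($root . '/logs', $name);
    printf("%-40s => %s\n", json_encode($name), $path === null ? 'rejected' : 'served');
}
```

The allow-list alone would pass `link.log`; it is the comparison on the `realpath()` result that rejects a name resolving outside the log directory.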