PT-2025-12881 · WordPress · Wp Compress

Michael Mazzolini · Published 2025-03-26 · Updated 2025-08-11 · CVE-2025-2110

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WP Compress – Instant Performance & Speed Optimization plugin for WordPress versions up to, and including, 6.30.15

Description: The issue is related to missing capability checks on AJAX functions, allowing authenticated attackers with Subscriber-level access and above to compromise the site. This can lead to unauthorized access, modification, and loss of data, including retrieving and altering sensitive settings and configuration details, disrupting the plugin's functionality, and potentially impacting overall site performance.

Recommendations: For versions up to, and including, 6.30.15, update to a version that includes the necessary capability checks on AJAX functions to prevent unauthorized access and data manipulation. As a temporary workaround, consider restricting access to the AJAX functions until a patch is available.
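
The weakness class described above, shown as an added example that is not code from WP Compress or from this advisory: a settings handler hooked on `wp_ajax_*` without an authorization check, next to the same handler with a nonce and capability check. The action name `example_save_settings`, the option name `example_plugin_settings` and the choice of `manage_options` as the required capability are assumptions made for illustration.

```php
<?php
// Added illustration. All example_* names are hypothetical and are not
// identifiers from the WP Compress plugin.

// BEFORE: the pattern the advisory describes. A wp_ajax_{action} hook fires
// for every logged-in user, so a Subscriber reaches this handler and can
// overwrite the plugin's settings. It is defined here for comparison only
// and is deliberately not registered on any hook.
function example_save_settings_unchecked() {
    $settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : array();
    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}

// AFTER: the same handler with the missing checks added.
function example_save_settings() {
    // 1. CSRF protection: the request must carry a nonce created for this
    //    action. check_ajax_referer() ends the request if it is missing or
    //    invalid. A nonce is not an authorization check on its own.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Authorization: only users holding the administrative capability may
    //    change settings. Subscribers do not have manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input handling: accept only an array and sanitize every value.
    $raw      = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();
    $settings = map_deep( $raw, 'sanitize_text_field' );

    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}

// Only the checked handler is registered. No wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach it.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );
```

When reviewing a plugin for this class of issue, every callback registered on a `wp_ajax_` hook needs its own `current_user_can()` check, because the hook itself only establishes that the caller is logged in.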

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-2110

Affected Products: Wp Compress