CVE-2025-3951

Name of the Vulnerable Software and Affected Versions WP-Optimize versions prior to 4.2.0

Description The issue arises from improper escaping of user input when checking image compression statuses. This could allow users with the administrator role to conduct SQL Injection attacks, particularly in Multi-Site WordPress configurations.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the image compression status check functionality to minimize the risk of exploitation.