CVE-2025-11519

Name of the Vulnerable Software and Affected Versions Optimole – Optimize Images versions prior to 4.1.1

Description The Optimole – Optimize Images plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This affects versions up to and including 4.1.0. The issue is due to a lack of validation on a user-controlled key within the /wp-json/optml/v1/move image API endpoint. Authenticated attackers with Author-level access or higher can exploit this to offload media that they do not own. The key parameter is vulnerable.

Recommendations Update Optimole – Optimize Images to version 4.1.1 or later.