PT-2026-26877 · WordPress · Speedup Optimization

Nabil Irawan · Published 2026-03-21 · Updated 2026-03-21 · CVE-2026-4127

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Speedup Optimization plugin for WordPress versions up to and including 1.5.9

Description

The Speedup Optimization plugin for WordPress is affected by a missing authorization issue. The speedup01_ajax_enabled() function, responsible for handling the wp_ajax_speedup01_enabled AJAX action, does not verify user capabilities using current_user_can() or implement nonce verification. This allows authenticated attackers with Subscriber-level access or higher to enable or disable the site’s optimization module by sending a POST request to the "/admin-ajax" endpoint. The speedup01_ajax_enabled() function is the vulnerable component.

Recommendations

Versions prior to 1.5.9 should be updated.
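
The two checks the description names as missing, shown in a hardened handler for the same AJAX action. This is an added example, not the plugin's own code: the handler name example_speedup01_ajax_enabled, the nonce action 'speedup01_toggle', the POST fields 'nonce' and 'enabled', the option key 'speedup01_enabled' and the choice of the manage_options capability are all assumptions.

```php
<?php
// Added illustration; not taken from the Speedup Optimization plugin.
// Hypothetical names: example_speedup01_ajax_enabled, 'speedup01_toggle',
// the 'nonce' and 'enabled' POST fields, and the 'speedup01_enabled' option.

// A wp_ajax_{action} hook fires for every logged-in user, Subscribers
// included, so the callback must enforce authorization itself.
add_action( 'wp_ajax_speedup01_enabled', 'example_speedup01_ajax_enabled' );

function example_speedup01_ajax_enabled() {
    // 1. Nonce check: binds the request to a form rendered for this user,
    //    which blocks cross-site request forgery. Passing false as the
    //    third argument returns the result instead of dying, so the
    //    handler can answer with a JSON error and a 403 status.
    if ( ! check_ajax_referer( 'speedup01_toggle', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Capability check: a valid nonce only proves the request came
    //    from the site's own UI, not that the user may change settings.
    //    manage_options is assumed here as the required capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: accept only the literal strings '0' or '1'.
    //    A missing field or an array value fails the strict comparison.
    $raw = isset( $_POST['enabled'] ) ? wp_unslash( $_POST['enabled'] ) : null;
    if ( ! in_array( $raw, array( '0', '1' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value.' ), 400 );
    }

    update_option( 'speedup01_enabled', $raw );
    wp_send_json_success( array( 'enabled' => '1' === $raw ) );
}

// The settings page that sends this request would emit the matching nonce
// with wp_create_nonce( 'speedup01_toggle' ), and only on screens that are
// themselves gated by the same capability.
```
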

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-4127

Affected Products

Speedup Optimization