PT-2026-2813 · Crushpics · Crush.Pics Image Optimizer – Image Compression/Optimization

Camilla Flocco

Published

2026-01-14

Updated

2026-01-14

CVE-2025-14482

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings including disabling auto-compression and changing image quality settings.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-14482

Affected Products

Crush.Pics Image Optimizer – Image Compression/Optimization

CVE-2025-14482

Weakness Enumeration

Related Identifiers

Affected Products

References · 5