PT-2026-6032 · WordPress · Shortpixel Image Optimizer
0N0Ise +1 · Published 2026-02-05 · Updated 2026-02-05 · CVE-2026-1246
CVSS v3.1: 4.9 Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ShortPixel Image Optimizer plugin for WordPress versions prior to 6.4.3
Description
The ShortPixel Image Optimizer plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. This issue stems from inadequate validation and sanitization of the loadFile parameter within the 'loadLogFile' AJAX action. Authenticated attackers possessing Editor-level access or higher can exploit this to read arbitrary files on the server, potentially exposing sensitive data like database credentials and authentication keys.
Recommendations
Update to version 6.4.3 or later.
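The kind of validation whose absence the description points to, shown as an added example (this is not the plugin's code and not the 6.4.3 patch): a hypothetical helper, resolve_log_path(), treats a loadFile-style value as a bare log file name and returns a path only when the resolved file stays inside the log directory. The directory layout and file names are constructed for the demo.

```php
<?php
// Added example: hypothetical helper, not ShortPixel's code.
// Returns the real path of a requested log file, or null when the
// request is malformed or resolves outside $logDir.
function resolve_log_path(string $logDir, string $requested): ?string
{
    $base = realpath($logDir);
    if ($base === false) {
        return null;
    }
    // Allow-list: a bare "*.log" file name. This excludes directory
    // separators, "..", absolute paths, and NUL bytes in one step.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\.log\z/', $requested)) {
        return null;
    }
    // realpath() follows symlinks, so a link placed inside the log
    // directory that points elsewhere fails the prefix check below.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree: a log directory beside a stand-in secrets file.
$root = sys_get_temp_dir() . '/pt-demo-' . bin2hex(random_bytes(4));
mkdir("$root/logs", 0700, true);
file_put_contents("$root/logs/optimizer.log", "constructed log line\n");
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
symlink("$root/wp-config.php", "$root/logs/link.log");

$samples = ['optimizer.log', '../wp-config.php', "$root/wp-config.php",
            'link.log', 'missing.log'];
foreach ($samples as $name) {
    $path = resolve_log_path("$root/logs", $name);
    printf("%-45s %s\n", $name, $path === null ? 'rejected' : 'served');
}
```

Only optimizer.log is served; the relative and absolute requests fail the allow-list, link.log fails the containment check after symlink resolution, and missing.log does not resolve.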
Fix
Path traversal
Affected Products
Shortpixel Image Optimizer