CVE-2025-11378 – ShortPixel Image Optimizer

CVE ID : CVE-2025-11378

Published : Oct. 18, 2025, 4:16 a.m. | 25 minutes ago

Description : The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘shortpixel_ajaxRequest’ AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…