{"id":64181,"date":"2025-06-02T12:32:05","date_gmt":"2025-06-02T09:02:05","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-3951-wordpress-wp-optimize-sql-injection-vulnerability\/"},"modified":"2025-06-02T12:32:05","modified_gmt":"2025-06-02T09:02:05","slug":"cve-2025-3951-wordpress-wp-optimize-sql-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-3951-wordpress-wp-optimize-sql-injection-vulnerability\/","title":{"rendered":"CVE-2025-3951 &#8211; WordPress WP-Optimize SQL Injection Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-3951<br \/>\n<br \/>\n<strong>Published : <\/strong> June 2, 2025, 6:15 a.m. | 2\u00a0hours, 8\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The WP-Optimize  WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-3951 Published : June 2, 2025, 6:15 a.m. | 2\u00a0hours, 8\u00a0minutes ago Description : The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations. Severity: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-64181","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=64181"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64181\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=64181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=64181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=64181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}