CVE-2025-3951

Published Jun 2, 2025

Last updated a month ago

Overview

Description
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
Source
contact@wpscan.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.1
Impact score
1.4
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-89

Social media

Hype score
Not currently trending

Configurations