Skip to main content

Optimole

1 CVEs product

Monthly

CVE-2026-57673 HIGH This Week

Stored/reflected Cross-Site Scripting in the Optimole WordPress image-optimization plugin (versions 4.2.7 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in the browser of any user who views the affected content. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1, the flaw carries a scope-changing impact (S:C) but requires victim interaction (UI:R). At the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV; no EPSS value was supplied.

XSS Optimole
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Stored/reflected Cross-Site Scripting in the Optimole WordPress image-optimization plugin (versions 4.2.7 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in the browser of any user who views the affected content. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1, the flaw carries a scope-changing impact (S:C) but requires victim interaction (UI:R). At the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV; no EPSS value was supplied.

XSS Optimole
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy