Skip to main content

Shortpixel Adaptive Images

3 CVEs product

Monthly

CVE-2026-57342 MEDIUM This Month

Stored Cross-Site Scripting in ShortPixel Adaptive Images WordPress plugin (versions <= 3.11.3) enables authenticated subscriber-role users to inject malicious scripts that execute in the browsers of higher-privileged users, including administrators. The CVSS changed-scope indicator (S:C) signals that injected payloads can transcend the attacker's own session context - a meaningful risk in WordPress environments where admin account takeover is feasible via session hijacking. No public exploit has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Shortpixel Adaptive Images
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0334 MEDIUM POC This Month

The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortpixel Adaptive Images
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29417 MEDIUM This Month

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Shortpixel Adaptive Images
NVD
CVSS 3.1
4.3
EPSS
0.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in ShortPixel Adaptive Images WordPress plugin (versions <= 3.11.3) enables authenticated subscriber-role users to inject malicious scripts that execute in the browsers of higher-privileged users, including administrators. The CVSS changed-scope indicator (S:C) signals that injected payloads can transcend the attacker's own session context - a meaningful risk in WordPress environments where admin account takeover is feasible via session hijacking. No public exploit has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Shortpixel Adaptive Images
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortpixel Adaptive Images
NVD WPScan
EPSS 1% CVSS 4.3
MEDIUM This Month

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Shortpixel Adaptive Images
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy