Wp Optimize Cache Compress Images Minify Clean Database To Boost Page Speed Performance

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-2712 MEDIUM This Month

WP-Optimize plugin for WordPress allows authenticated subscribers and higher to execute admin-only operations including log file access, backup image deletion, and bulk image processing due to missing capability checks in the Heartbeat handler function. The vulnerability affects all versions up to 4.5.0 and requires user authentication but no elevated privileges, enabling privilege escalation from subscriber-level accounts to perform administrative image optimization tasks that should be restricted to site administrators.

WordPress PHP Privilege Escalation Wp Optimize Cache Compress Images Minify Clean Database To Boost Page Speed Performance
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2712
EPSS 0% CVSS 5.4
MEDIUM This Month

WP-Optimize plugin for WordPress allows authenticated subscribers and higher to execute admin-only operations including log file access, backup image deletion, and bulk image processing due to missing capability checks in the Heartbeat handler function. The vulnerability affects all versions up to 4.5.0 and requires user authentication but no elevated privileges, enabling privilege escalation from subscriber-level accounts to perform administrative image optimization tasks that should be restricted to site administrators.

WordPress PHP Privilege Escalation +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy