本ページは wpmudev smush_image_compression_and_optimization に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-1009 | The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | [email protected] | 6.1 | 0.76% | 2022-05-30 | 2026-06-17 |
| CVE-2017-15079 | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | [email protected] | 7.5 | 2.51% | 2017-10-06 | 2026-06-16 |