Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Smush – Lazy Load Images, Optimize & Compress Images 2.9.1

  • Severity: critical
  • Status: Fixed
  • Publication: December 10, 2018

The Smush – Lazy Load Images, Optimize & Compress Images plugin for WordPress has a vulnerability that can allow attackers to inject malicious web scripts into the application. This vulnerability is present in versions up to, and including, 2.9.1, and is due to insufficient input sanitization and output escaping.

Detected in:

Smush – Lazy Load Images, Optimize & Compress Images fixed vulnerable versions: >= * <= 2.9.1
Smush – Optimize Images | Compress and Lazy Load Images | Convert WebP fixed vulnerable versions:
Smush – Optimize, Compress and Lazy Load Images fixed vulnerable versions:
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN fixed vulnerable versions:
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.