Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
WP Compress: Unauthorized Access to Image Optimization Settings
CVE-2026-25370
Summary
A security weakness in WP Compress allows an attacker to access and potentially modify image optimization settings if the plugin's access control is not properly set up. This affects versions of WP Compress up to 6.60.28. To protect your site, update to the latest version of WP Compress or configure the plugin's access control settings carefully.
Original title
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/...
Original description
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026