WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability
Vulnerable versions
<= 3.3.1
PSID
d3f25d3d67a6
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-04-25
Patchstack vPatch available since
09.12.2021
Details
A Subscriber+ Plugin Settings Update vulnerability was discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress ShortPixel Adaptive Images plugin (versions <= 3.3.1).
Solution
Update the WordPress ShortPixel Adaptive Images plugin to the latest available version (at least 3.4.0).
References
CVE-2022-29417
Plugin changelog