VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 13 known issues Latest disclosed Feb 17, 2026

WP Compress – Instant Performance & Speed Optimization Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Compress – Instant Performance & Speed Optimization (`wp-compress-image-optimizer`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-25370, CVE-2025-57899 and CVE-2025-47479, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
13
High or Critical
4
Patch Coverage
100%
Last Updated
Feb 24, 2026
Priority CVE Quick Links

Fast paths into WP Compress – Instant Performance & Speed Optimization CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
13
CVE-2023-6699 Critical 6.10.34
CVE-2023-6699 WP Compress – Instant Performance & Speed Optimization Vulnerability

WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css

CVE-2025-2110 High 6.30.16
CVE-2025-2110 WP Compress – Instant Performance & Speed Optimization Vulnerability

WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

CVE-2024-1934 High 6.11.11
CVE-2024-1934 WP Compress – Instant Performance & Speed Optimization Vulnerability

WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification

CVE-2025-47479 High 6.30.31
CVE-2025-47479 WP Compress – Instant Performance & Speed Optimization Vulnerability

WP Compress <= 6.30.30 - Unauthenticated Broken Authentication

CVE-2024-4445 Medium 6.20.02
CVE-2024-4445 WP Compress – Instant Performance & Speed Optimization Cross-Site Scripting

WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

CVE-2024-12047 Medium 6.30.04
CVE-2024-12047 WP Compress – Instant Performance & Speed Optimization Cross-Site Scripting

WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter

CVE-2024-47384 Medium 6.21.01
CVE-2024-47384 WP Compress – Instant Performance & Speed Optimization Cross-Site Scripting

WP Compress – Image Optimizer [All-In-One] <= 6.20.13 - Reflected Cross-Site Scripting

CVE-2025-2109 Medium 6.30.16
CVE-2025-2109 WP Compress – Instant Performance & Speed Optimization Server-Side Request Forgery

WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Compress – Instant Performance & Speed Optimization so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2026-25370, CVE-2025-57899 and CVE-2025-47479
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WP Compress – Instant Performance & Speed Optimization

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-25370
CVE-2026-25370: Compress <= 6.60.28 - Missing Authorization

The Compress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.60.28. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Feb 17, 2026
Patched Release
6.60.29
Affected Versions
Versions up to 6.60.28
Next Step
Update to 6.60.29 or newer if supported.
Open CVE-2026-25370 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-57899
CVE-2025-57899: WP Compress <= 6.50.54 - Missing Authorization

The WP Compress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.50.54. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Sep 22, 2025
Patched Release
6.50.55
Affected Versions
Versions up to 6.50.54
Next Step
Update to 6.50.55 or newer if supported.
Open CVE-2025-57899 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-47479
CVE-2025-47479: WP Compress <= 6.30.30 - Unauthenticated Broken Authentication

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to broken authentication in all versions up to, and including, 6.30.30. This makes it possible for unauthenticated attackers to access functionality they should not have access to.

Published
Jul 03, 2025
Patched Release
6.30.31
Affected Versions
Versions up to 6.30.30
Next Step
Update to 6.30.31 or newer if supported.
Open CVE-2025-47479 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-47546
CVE-2025-47546: WP Compress <= 6.30.30 - Cross-Site Request Forgery

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.30.30. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticate...

Published
May 07, 2025
Patched Release
6.30.31
Affected Versions
Versions up to 6.30.30
Next Step
Update to 6.30.31 or newer if supported.
Open CVE-2025-47546 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-2110
CVE-2025-2110: WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible...

Published
Mar 25, 2025
Patched Release
6.30.16
Affected Versions
Versions up to 6.30.15
Next Step
Update to 6.30.16 or newer if supported.
Open CVE-2025-2110 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-2109
CVE-2025-2109: WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitra...

Published
Mar 24, 2025
Patched Release
6.30.16
Affected Versions
Versions up to 6.30.15
Next Step
Update to 6.30.16 or newer if supported.
Open CVE-2025-2109 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12047
CVE-2024-12047: WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes i...

Published
Jan 03, 2025
Patched Release
6.30.04
Affected Versions
Versions up to 6.30.03
Next Step
Update to 6.30.04 or newer if supported.
Open CVE-2024-12047 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-47384
CVE-2024-47384: WP Compress – Image Optimizer [All-In-One] <= 6.20.13 - Reflected Cross-Site Scripting

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.20.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Published
Sep 30, 2024
Patched Release
6.21.01
Affected Versions
Versions up to 6.20.13
Next Step
Update to 6.21.01 or newer if supported.
Open CVE-2024-47384 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6812
CVE-2023-6812: WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css

The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated...

Published
May 13, 2024
Patched Release
6.20.02
Affected Versions
Versions up to 6.20.01
Next Step
Update to 6.20.02 or newer if supported.
Open CVE-2023-6812 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4445
CVE-2024-4445: WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with su...

Published
May 13, 2024
Patched Release
6.20.02
Affected Versions
Versions up to 6.20.01
Next Step
Update to 6.20.02 or newer if supported.
Open CVE-2024-4445 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32106
CVE-2024-32106: WP Compress – Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.35. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated att...

Published
Apr 11, 2024
Patched Release
6.11.01
Affected Versions
Versions up to 6.10.35
Next Step
Update to 6.11.01 or newer if supported.
Open CVE-2024-32106 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-1934
CVE-2024-1934: WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated...

Published
Mar 21, 2024
Patched Release
6.11.11
Affected Versions
Versions up to 6.11.10
Next Step
Update to 6.11.11 or newer if supported.
Open CVE-2024-1934 Report Open CVE Reference