ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

Vulnerabilities 12Slug shortpixel-image-optimiserLatest version 6.5.1WordPress.org →

Minimum safe version

6.4.4

Update to 6.4.4 or later to address 12 fixable vulnerabilities

Latest available6.5.1 ✓

N/A

2026-04-20< 6.4.4

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF <= 6.4.3 - Authenticated (Author+) PHP Object Injection

Wordfence CVE

N/A

2026-02-04< 6.4.3

ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter

Wordfence CVE

N/A

2026-03-25< 6.4.4

ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

Wordfence CVE

Medium 5.4

2025-10-18< 6.3.5

CVE-2025-11378

CVE EUVD Patchstack Wordfence

Medium 5.4

2024-11-01< 5.6.4

CVE-2024-48044

CVE Patchstack Wordfence

High 7.6

2024-10-17< 5.6.4

CVE-2024-48043

CVE Patchstack Wordfence

N/A

< 5.4.2

ShortPixel Image Optimizer < 5.4.2 - Authenticated(Editor+) PHP Object Injection

WPScan

N/A

2023-09-15< 5.4.2

WordPress ShortPixel Image Optimizer Plugin < 5.4.2 is vulnerable to PHP Object Injection

Patchstack

N/A

2023-09-14< 5.4.2

ShortPixel Image Optimizer <= 5.4.1 - Authenticated(Editor+) PHP Object Injection

Wordfence

N/A

< 4.22.10

ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting

WPScan

N/A

2022-06-02< 4.22.10

ShortPixel Image Optimizer <= 4.22.9 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-06-14< 4.22.10

WordPress ShortPixel Image Optimizer plugin <= 4.22.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack