Smush – Image Optimization, Compression, Lazy Load, WebP & CDN

Vulnerabilities 9Slug wp-smushitLatest version 4.0.3WordPress.org →

Minimum safe version

3.17.1

Update to 3.17.1 or later to address 9 fixable vulnerabilities

Latest available4.0.3 ✓

Medium 4.1

2025-11-06< 3.17.1

CVE-2025-22288

Medium 4.3

2024-06-21< 3.16.5

CVE-2023-3352

N/A

< 3.9.9

Smush Image Compression and Optimization <= 2.9.1 - Authenticated Phar Deserialization

N/A

2018-12-10< 3.0.0

Smush – Lazy Load Images, Optimize & Compress Images <= 2.9.1 - Cross-Site Scripting

N/A

2018-12-10< 3.0.1

Smush – Lazy Load Images, Optimize & Compress Images <= 3.0.0 - Authenticated PHAR Deserialization

N/A

2017-10-09< 2.7.6

WordPress Smush Image Compression and Optimization plugin <=2.7.5 - File Traversal vulnerability

N/A

2018-12-10< 3.0.0

WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities

Medium 6.1

2022-05-30< 3.9.9

CVE-2022-1009

High 7.5

2017-10-06< 2.7.6

CVE-2017-15079