GCVE - cpe:2.3:a:wpmudev:smush_image_compression_and_optimization:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wpmudev:smush_image_compression_and_optimization:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Wpmudev (`a4908a28-206b-5801-853a-92926b63e5e8`)
Product	Smush Image Compression And Optimization (`7dbe9b44-e456-5942-b797-5d5b07ea0b7e`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-1009`	vulnerable	2026-06-03 14:45:57.562739	Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file Published: 2022-05-30T08:35:37.000Z Updated: 2024-08-02T23:47:42.943Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/bb5af08f-bb19-46a1-a7ac-8381f428c11e	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-15079`	vulnerable	2026-06-03 14:36:45.222354	Details available The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. Published: 2017-10-06T18:00:00.000Z Updated: 2024-09-16T20:58:03.590Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/wp-smushit/#developers https://wordpress.org/support/topic/file-transversal-bug/	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.