WordPress Plugin Vulnerabilities

ShortPixel Adaptive Images < 3.4.0 - Subscriber+ Arbitrary Settings Update

Description

The plugin does not have any authorisation when updating its settings via an AJAX action, allowing any authenticated users, such as subscriber to change them

Affects Plugins

Plugin icon
shortpixel-adaptive-images
Fixed in 3.4.0

References

CVE
CVE-2022-29417

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
2e89b1f9-e320-4a99-b4d3-18dfc88fb31f

Timeline

Publicly Published
2022-04-25 (about 4 years ago)
Added
2022-04-25 (about 4 years ago)
Last Updated
2022-04-27 (about 4 years ago)

Other

Published
Title
Published
2026-03-23
Title
WP Configurator Pro < 3.8.0 - Missing Authorization
Published
2026-04-28
Title
Complianz < 7.4.6 - Unauthenticated Private Post Content Disclosure
Published
2025-03-31
Title
Google SEO Pressor Snippet <= 2.0 - Missing Authorization
Published
2024-04-23
Title
Page Builder: Live Composer < 1.5.39 - Missing Authorization
Published
2026-01-08
Title
Quiz And Survey Master < 10.3.4 - Missing Authorization