MEDIUM
optimole
CVE published 2026-06-18
CVE-2026-11784
The Optimole WordPress plugin, used for image optimization, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability, tracked as CVE-2026-11784, affects all versions up to and including 4.2.6. The issue arises from missing or incorrect nonce validation in the 'replace_file' function, enabling attackers to overwrite media attachments with malicious content. An attacker can exploit this by cra [truncated]