Optimole Image Optimization WordPress plugin all versions up to and including 4.2.2
Summary
This is an unauthenticated stored cross-site scripting vulnerability in the Optimole WordPress plugin's public REST endpoint. Insufficient input sanitization allows attackers to inject malicious web scripts into page content. The injected script executes automatically whenever any user (including administrators) accesses the compromised page.
Remediation
Update the Optimole plugin to a patched version released after 4.2.2 immediately. If patching is delayed, block unauthenticated access to the plugin's REST endpoint to prevent exploitation attempts.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.