Description
Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.
Published: 2025-07-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The weakness in the AresIT WP Compress plugin allows attackers to abuse authentication, enabling them to gain access without proper credentials and use the plugin’s functions without authorization; the CVE description does not assert broader administrative control beyond the plugin.

Affected Systems

AresIT WP Compress plugin versions up to and including 6.30.30 installed on WordPress sites are affected. The plugin is used for image optimization in WordPress installations.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while an EPSS score of <1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is inferred to be remote via the plugin’s web endpoints on a compromised WordPress site.

Generated by OpenCVE AI on May 1, 2026 at 07:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP Compress plugin to the latest version that incorporates the authentication fix
  • If an update is not immediately available, disable or remove the WP Compress plugin to block any authentication abuse until a patched version is released
  • Enforce strong password policies, enable two‑factor authentication, and apply rate limiting on the WordPress site to reduce the chances of successful authentication abuse

Generated by OpenCVE AI on May 1, 2026 at 07:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-19979 Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30. Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.
Title WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability WordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 14 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Wpcompress
Wpcompress wp Compress
CPEs cpe:2.3:a:wpcompress:wp_compress:*:*:*:*:*:wordpress:*:*
Vendors & Products Wpcompress
Wpcompress wp Compress

Mon, 07 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 04 Jul 2025 11:30:00 +0000

Type Values Removed Values Added
Description Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
Title WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability
Weaknesses CWE-1390
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
Wpcompress Wp Compress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:42.471Z

Reserved: 2025-05-07T09:39:08.089Z

Link: CVE-2025-47479

cve-icon Vulnrichment

Updated: 2025-07-07T16:24:31.729Z

cve-icon NVD

Status : Modified

Published: 2025-07-04T12:15:28.530

Modified: 2026-04-23T15:30:18.020

Link: CVE-2025-47479

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T07:15:11Z

Weaknesses