Impact
The Optimize More! – Images plugin for WordPress, in versions up to 1.1.3, contains a missing authorization flaw caused by incorrectly configured access control levels. An attacker can bypass the required permission checks and use the plugin’s image optimization features or modify its settings without proper authentication. Such unauthorized use can alter media handling, potentially deface the site, or misuse backend capabilities, damaging the confidentiality and integrity of site content. The weakness is identified as CWE-862 – Broken Access Control.
Affected Systems
Arya Dhiratara’s Optimize More! – Images plugin for WordPress is impacted. All installations running the plugin up to and including version 1.1.3 are vulnerable. Users whose sites rely on this plugin for media optimization should review the current version and apply the latest update.
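To review the installed version across one or many sites, the added example below (not code from the plugin or from OpenCVE) scans a WordPress plugins directory and flags copies at or below 1.1.3. It assumes the plugin is identified by the `Plugin Name` header in its main PHP file and that plugins live under `wp-content/plugins`; the function and constant names are hypothetical.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (1, 1, 3)             # advisory: versions up to and including 1.1.3
TARGET_NAME = "optimize more images"  # plugin name from the advisory, normalised

# Matches "Plugin Name:" and "Version:" lines inside the plugin header comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)


def normalise(name):
    """Lower-case and collapse punctuation so dash and '!' variants compare equal."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", name.lower()).split())


def parse_version(text):
    """'1.1.3' -> (1, 1, 3). Trailing zeros are dropped so 1.1.3.0 == 1.1.3."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def read_headers(php_file):
    """Read header fields from the first 8 KiB of the file, where WordPress looks."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}


def audit(plugins_dir):
    """Return (path, version, affected) for each installed copy of the plugin."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        if normalise(headers.get("plugin name", "")) != TARGET_NAME:
            continue
        version = headers.get("version", "")
        # A missing Version header parses to () and is reported as affected.
        findings.append((str(php_file), version, parse_version(version) <= LAST_AFFECTED))
    return findings


if __name__ == "__main__":
    for path, version, affected in audit(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"):
        print(f"{'AFFECTED' if affected else 'ok':8} {version or '?':8} {path}")
```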
Risk and Exploitability
The CVSS score of 6.5 marks the vulnerability as moderate. The EPSS score of less than 1% suggests that exploitation is rare. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could send crafted requests to plugin URLs that do not enforce proper access control, enabling unauthorized use of the image optimization functions even by users with limited privileges. The exact authentication requirements remain unclear because the description does not specify whether the user needs to be authenticated.