WP Compress WordPress Plugin Missing Authorization Vulnerability on AJAX Functions

Vulnerability

A vulnerability exists in the WP Compress - Instant Performance & Speed Optimization plugin for WordPress, affecting all versions through 6.30.15. The issue stems from inadequate capability checks on several AJAX functions, allowing authenticated attackers with Subscriber-level access or higher to access, modify, or delete sensitive data without authorization. This vulnerability could disrupt the plugin's functionality and overall site performance.
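The bug class described above, shown as an added example that is not WP Compress code: a WordPress AJAX handler without a capability check beside a hardened version. Every name starting with `example_` is hypothetical, and `manage_options` is an assumed capability for a settings-changing action.

```php
<?php
// Added illustration. All example_* names are hypothetical, not taken from the plugin.

// BEFORE: hooks registered as wp_ajax_{action} run for every logged-in user,
// Subscribers included. Without a capability check, the lowest role can
// trigger the same state change as an administrator.
add_action( 'wp_ajax_example_reset_unchecked', 'example_reset_unchecked' );
function example_reset_unchecked() {
    delete_option( 'example_settings' ); // no nonce, no capability check
    wp_send_json_success();
}

// AFTER: verify the request's nonce, then verify the caller's capability.
// The nonce is assumed to be issued with wp_create_nonce( 'example_reset' )
// on an admin-only settings screen.
add_action( 'wp_ajax_example_reset', 'example_reset_checked' );
function example_reset_checked() {
    // 1. CSRF protection. Passing false as the third argument makes the
    //    function return false instead of dying, so we can send a JSON error.
    if ( ! check_ajax_referer( 'example_reset', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorization. A nonce only proves the request came from a page the
    //    user loaded; it does not prove the user is allowed to do this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Only now perform the privileged action.
    delete_option( 'example_settings' );
    wp_send_json_success();
}
```

Both `wp_send_json_error()` calls end the request, so the privileged step is never reached when either check fails.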

Impact

Exploitation of this vulnerability could lead to unauthorized access to, modification of, and deletion of sensitive data, disrupting the plugin's functionality and potentially degrading overall site performance.

Remediation

Users can update to version 6.30.16 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 3.1
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.