CVE Catalog

CVE-2026-56066

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Summary

The ShortPixel Adaptive Images plugin versions up to 3.11.4 contain a vulnerability allowing an unauthenticated attacker to delete arbitrary files on the server. The flaw is due to missing proper authorization and input validation.

Risk Assessment

An attacker can delete critical system files, configuration files, or application data, potentially leading to service disruption, data loss, or server compromise.

Recommendation

Immediately update the ShortPixel Adaptive Images plugin to version 3.11.5 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.

Original NVD description (English source)

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS