CVE Catalog
CVE-2026-56066
MediumCVSS 5.8Summary
The ShortPixel Adaptive Images plugin versions up to 3.11.4 contain a vulnerability allowing an unauthenticated attacker to delete arbitrary files on the server. The flaw is due to missing proper authorization and input validation.
Risk Assessment
An attacker can delete critical system files, configuration files, or application data, potentially leading to service disruption, data loss, or server compromise.
Recommendation
Immediately update the ShortPixel Adaptive Images plugin to version 3.11.5 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.
Original NVD description (English source)
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.

