CVE Catalog

CVE-2026-57342

Medium · CVSS 6.5
Summary

The ShortPixel Adaptive Images plugin, versions 3.11.3 and earlier, contains a Cross-Site Scripting (XSS) vulnerability exploitable by subscribers. It allows a subscriber-level user to inject malicious JavaScript code into the page.

Risk Assessment

An attacker with the subscriber role can steal administrator sessions, redirect users to malicious sites, or alter website content, leading to security breaches and reputational damage for the organization.

Recommendation

Immediately update the ShortPixel Adaptive Images plugin to version 3.11.4 or later, which fixes this vulnerability. Additionally, restrict subscriber permissions to the minimum necessary.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS