CVE-2026-11784: CWE-352 Cross-Site Request Forgery (CSRF) in optimole Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Optimole WordPress plugin up to and including version 4.2.6. The issue arises from missing or incorrect nonce validation in the replace_file function, allowing an attacker to overwrite media attachments by tricking a user with Author-level or higher privileges into clicking a crafted link. The vulnerability requires the victim to have edit_post capability on the targeted attachment. This flaw can lead to unauthorized modification of media files without direct authentication.
AI Analysis
Technical Summary
CVE-2026-11784 is a CSRF vulnerability in the Optimole – Optimize Images plugin for WordPress, affecting all versions up to and including 4.2.6. The vulnerability is due to missing or incorrect nonce validation on the replace_file function. An attacker can exploit this by sending a forged multipart POST request that overwrites existing media attachments. Exploitation requires tricking a user with at least Author-level privileges who has edit_post capability on the targeted attachment to perform an action such as clicking a malicious link. This allows unauthorized modification of media files without authentication.
Potential Impact
The vulnerability allows an unauthenticated attacker to overwrite media attachments that a victim user with Author-level or higher privileges can edit. This can lead to unauthorized modification of media content on the affected WordPress site. There is no direct confidentiality or availability impact reported, but the integrity of media files can be compromised.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, site administrators should limit the number of users with Author-level or higher privileges and exercise caution when clicking links from untrusted sources. Monitoring for updates from the plugin vendor is recommended to apply any forthcoming patches promptly.
CVE-2026-11784: CWE-352 Cross-Site Request Forgery (CSRF) in optimole Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Optimole WordPress plugin up to and including version 4.2.6. The issue arises from missing or incorrect nonce validation in the replace_file function, allowing an attacker to overwrite media attachments by tricking a user with Author-level or higher privileges into clicking a crafted link. The vulnerability requires the victim to have edit_post capability on the targeted attachment. This flaw can lead to unauthorized modification of media files without direct authentication.
CVSS v3.1
Score 4.3medium
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-11784 is a CSRF vulnerability in the Optimole – Optimize Images plugin for WordPress, affecting all versions up to and including 4.2.6. The vulnerability is due to missing or incorrect nonce validation on the replace_file function. An attacker can exploit this by sending a forged multipart POST request that overwrites existing media attachments. Exploitation requires tricking a user with at least Author-level privileges who has edit_post capability on the targeted attachment to perform an action such as clicking a malicious link. This allows unauthorized modification of media files without authentication.
Potential Impact
The vulnerability allows an unauthenticated attacker to overwrite media attachments that a victim user with Author-level or higher privileges can edit. This can lead to unauthorized modification of media content on the affected WordPress site. There is no direct confidentiality or availability impact reported, but the integrity of media files can be compromised.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, site administrators should limit the number of users with Author-level or higher privileges and exercise caution when clicking links from untrusted sources. Monitoring for updates from the plugin vendor is recommended to apply any forthcoming patches promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-06-09T12:47:39.122Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a338758f198dc38c1370e27
Added to database: 6/18/2026, 5:51:20 AM
Last enriched: 6/18/2026, 6:05:36 AM
Last updated: 6/18/2026, 7:21:12 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.