CVE-2025-2110
📋 TL;DR
The WP Compress WordPress plugin is missing capability checks on several of its AJAX handlers, so any authenticated user with Subscriber-level access or higher can read, modify, or delete plugin settings and configuration data. The flaw affects all versions up to and including 6.30.15 and can lead to information disclosure, disruption of the plugin's image optimization, and degraded site performance.
💻 Affected Systems
- WP Compress – Instant Performance & Speed Optimization
📦 What is this software?
WP Compress (plugin slug wp-compress-image-optimizer), an image optimization and speed plugin for WordPress by WPCompress.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could retrieve sensitive configuration data, alter critical settings, delete optimization data, disrupt site performance, and potentially use this access as a foothold for further attacks.
Likely Case
Authenticated attackers would retrieve sensitive plugin configuration details and modify settings to disrupt image optimization functionality, potentially affecting site performance.
If Mitigated
With open registration disabled and every account below Administrator reviewed, only existing trusted users can reach the unprotected endpoints; the missing capability checks remain until the plugin is updated. Network segmentation does not help here, because the endpoint is the site's own public wp-admin/admin-ajax.php.
🎯 Exploit Status
Exploitation requires an authenticated account, but only at the low-privilege Subscriber level; on sites with open registration (Settings → General → "Anyone can register") anyone can create one. Attackers need the plugin's AJAX action names, which are readable in its public source (classes/ajax.class.php, linked in References), and a logged-in session from which to send requests to wp-admin/admin-ajax.php.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.30.16 or later
Fix Changeset: https://plugins.trac.wordpress.org/changeset/3254259/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Compress plugin.
4. Click 'Update Now' if an update is available (or run wp plugin update wp-compress-image-optimizer with WP-CLI).
5. If no update is offered, deactivate and delete the plugin, then install the latest version from the WordPress repository.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoints
Add the following to the active theme's functions.php, or better to a file in wp-content/mu-plugins/ so it survives theme switches and theme updates. The hook name 'wp_ajax_wp_compress_ajax' and callback 'wp_compress_ajax_handler' are the names used on this page; remove_action() only takes effect if hook, callback and priority match exactly what the plugin registers in classes/ajax.class.php (linked in References), so confirm them there, and if the plugin registers an object method rather than a plain function, pass the same array callback. Repeat the pair for every vulnerable action.
add_action('init', function () {
    // Hook and callback names as given on this page; verify against the plugin's
    // classes/ajax.class.php. remove_action() must match hook, callback and priority.
    remove_action('wp_ajax_wp_compress_ajax', 'wp_compress_ajax_handler');
    // The nopriv variant only matters if the plugin also exposes the action to
    // unauthenticated visitors; removing it when absent is harmless.
    remove_action('wp_ajax_nopriv_wp_compress_ajax', 'wp_compress_ajax_handler');
});
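A more robust workaround, added here as an example and not code from the advisory or from WP Compress, is a must-use plugin that gates the plugin's AJAX actions behind manage_options instead of depending on the exact callback the plugin registered. admin-ajax.php fires admin_init before it dispatches wp_ajax_{action} (and wp_ajax_nopriv_{action}), so a check there runs before the unprotected handler. The action list contains only the placeholder 'wp_compress_ajax' used on this page; the real names must be copied from the plugin's classes/ajax.class.php.

```php
<?php
/**
 * Plugin Name: CVE-2025-2110 AJAX gate (temporary mitigation)
 * Description: Requires manage_options for the WP Compress AJAX actions until the plugin is updated.
 *
 * Added example for this advisory page, not code from WP Compress.
 * Save as wp-content/mu-plugins/cve-2025-2110-gate.php; remove after updating to 6.30.16+.
 */

// ASSUMPTION: placeholder action name taken from this page. Replace/extend with the
// exact wp_ajax_* action names registered in the plugin's classes/ajax.class.php.
const CVE_2025_2110_GATED_ACTIONS = array(
    'wp_compress_ajax',
);

/**
 * Policy decision kept as a pure function so it can be reviewed on its own:
 * block only the plugin's actions, and only for users without manage_options.
 */
function cve_2025_2110_should_block( $action, $user_can_manage_options ) {
    if ( ! in_array( $action, CVE_2025_2110_GATED_ACTIONS, true ) ) {
        return false; // not one of the plugin's actions, leave it alone
    }
    return ! $user_can_manage_options;
}

/**
 * admin_init runs in admin-ajax.php for logged-in and anonymous callers alike, before
 * the wp_ajax_{action} / wp_ajax_nopriv_{action} hook is dispatched. Priority 0 puts
 * this check ahead of any admin_init work the plugin itself does.
 */
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() || ! isset( $_REQUEST['action'] ) ) {
        return;
    }
    $action = (string) wp_unslash( $_REQUEST['action'] );
    if ( ! cve_2025_2110_should_block( $action, current_user_can( 'manage_options' ) ) ) {
        return;
    }
    $user = wp_get_current_user();
    // One line per denial so it can be shipped to a SIEM and tied back to an account.
    error_log( sprintf(
        'CVE-2025-2110 blocked action=%s user=%s roles=%s ip=%s',
        $action,
        $user->exists() ? $user->user_login : 'anonymous',
        implode( ',', (array) $user->roles ),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-'
    ) );
    // wp_send_json_error() calls wp_die(), so the plugin's handler never runs.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}, 0 );
```

Administrators keep full use of the plugin, every other role gets a 403 with a log line naming the account, and the file is simply deleted once the patched version is installed.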
🧯 If You Can't Patch
- Deactivate the WP Compress plugin immediately
- Disable open registration (Settings → General → Membership) and review every account with Subscriber-level access or higher, removing any that are unused or unexpected
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → WP Compress version. If version is 6.30.15 or lower, you are vulnerable.
Check Version:
wp plugin list --name=wp-compress-image-optimizer --field=version
Verify Fix Applied:
After updating, verify plugin version is 6.30.16 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Requests to wp-admin/admin-ajax.php carrying the plugin's AJAX action (wp_compress_ajax is the name used on this page; confirm the real names in classes/ajax.class.php) from accounts below Administrator. Web server access logs show the action only when it is sent in the query string; when it is sent in the POST body, tying the request to the plugin and to a user role needs WordPress-side logging (a security or audit plugin, or a custom hook), or a WAF that inspects request bodies.
- Bursts of such requests from a single account or source IP, or from non-browser user agents.
Network Indicators:
- POST (or GET; admin-ajax.php dispatches on either) requests to /wp-admin/admin-ajax.php with the plugin's action parameter from addresses not associated with site administrators.
SIEM Query (illustrative Splunk-style search; field names depend on your log pipeline, and user_role is only present if the WordPress side records it):
source="wordpress_logs" uri="/wp-admin/admin-ajax.php" action_parameter="wp_compress_ajax" user_role!="administrator" | stats count by src_ip, user_login
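As an added example, not part of the original advisory, the PHP CLI script below runs the indicators above over Apache/Nginx "combined" access-log lines: it counts, per client IP, the admin-ajax.php requests whose query string names one of the plugin's actions, and separately counts POSTs to admin-ajax.php with no visible action, which is exactly the blind spot described above. The action name is the placeholder used on this page and the log lines are constructed for the example; pass a real log path as the first argument to scan production logs.

```php
<?php
// Added example for this advisory page, not code from WP Compress or from the advisory.
// Usage: php scan.php [/var/log/apache2/access.log]   (uses embedded sample lines if omitted)

// ASSUMPTION: the action name is the one used throughout this page; take the real
// names from the plugin's classes/ajax.class.php.
const WATCHED_ACTIONS = array( 'wp_compress_ajax' );
const AJAX_PATH       = '/wp-admin/admin-ajax.php';

// combined log format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
const COMBINED_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) \S+ "(?<referer>[^"]*)" "(?<ua>[^"]*)"$/';

/** Parse one log line into named fields, or return null if it is not in combined format. */
function parse_combined_line( $line ) {
    return preg_match( COMBINED_RE, trim( $line ), $m ) ? $m : null;
}

/**
 * Classify a request target: 'other' (not admin-ajax.php), 'blind' (admin-ajax.php with
 * no action in the query string, so the action was in the body), or the action name.
 */
function classify_target( $target ) {
    $parts = parse_url( $target );
    $path  = isset( $parts['path'] ) ? $parts['path'] : '';
    if ( substr( $path, -strlen( AJAX_PATH ) ) !== AJAX_PATH ) {
        return 'other';
    }
    $query = array();
    if ( isset( $parts['query'] ) ) {
        parse_str( $parts['query'], $query );
    }
    return ( isset( $query['action'] ) && is_string( $query['action'] ) ) ? $query['action'] : 'blind';
}

/** Aggregate hits per IP for watched actions, plus the count of blind admin-ajax POSTs. */
function scan_access_log( array $lines ) {
    $hits  = array();
    $blind = 0;
    foreach ( $lines as $line ) {
        $m = parse_combined_line( $line );
        if ( ! $m ) {
            continue; // malformed or non-combined line
        }
        $class = classify_target( $m['target'] );
        if ( $class === 'blind' && $m['method'] === 'POST' ) {
            $blind++; // cannot be attributed to the plugin from this log source
        } elseif ( in_array( $class, WATCHED_ACTIONS, true ) ) {
            // admin-ajax.php reads $_REQUEST, so GET calls count just like POSTs.
            $hits[ $m['ip'] ] = ( isset( $hits[ $m['ip'] ] ) ? $hits[ $m['ip'] ] : 0 ) + 1;
        }
    }
    arsort( $hits );
    return array( 'hits' => $hits, 'blind' => $blind );
}

// Constructed sample lines (not real traffic), covering the three cases the scanner separates.
$sample = array(
    '203.0.113.7 - - [10/Mar/2025:12:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=wp_compress_ajax HTTP/1.1" 200 512 "https://example.test/wp-admin/profile.php" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=wp_compress_ajax HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2025:12:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 77 "https://example.test/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2025:12:02:09 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 44 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2025:12:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=wp_compress_ajax HTTP/1.1" 200 512 "-" "curl/8.0"',
);

$lines  = isset( $argv[1] ) ? file( $argv[1], FILE_IGNORE_NEW_LINES ) : $sample;
$result = scan_access_log( $lines );
foreach ( $result['hits'] as $ip => $count ) {
    printf( "%-16s %d request(s) to watched WP Compress actions\n", $ip, $count );
}
printf( "%d admin-ajax POST(s) with the action in the body only (not attributable from this log)\n", $result['blind'] );
```

On the sample input the scanner reports two hits for 203.0.113.7, one for 192.0.2.9 (the GET is counted because admin-ajax.php dispatches on $_REQUEST), ignores the legitimate heartbeat call, and flags one blind POST; on a real log that blind count is the number of requests that only WordPress-side logging can attribute, which is why the role-aware logging in the workaround above, or an audit plugin, matters for this CVE.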
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.15/classes/ajax.class.php
- https://plugins.trac.wordpress.org/changeset/3254259/
- https://wordpress.org/plugins/wp-compress-image-optimizer/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2bb4ead4-b2ad-42b4-92a0-fb7293f6df06?source=cve