CVE-2026-5821 - Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection
CVE ID :CVE-2026-5821 Published : July 2, 2026, 5:35 a.m. | 5 hours, 38 minutes ago Description :The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove()...