CVE-2024-32810 HIGH

CVE-2024-32810: WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability

Vendor Shortpixel
Product ShortPixel Critical CSS
Weakness CWE-862 · Missing authorization
Published May 3, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2.

Key dates

02Disclosure timeline

May 3, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts CVE-2025-14592 Missing Authorization in GitLab CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update CVE-2025-62712 JumpServer Connection Token Leak Vulnerability CVE-2024-13719 PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure