What the vulnerability does
01Description
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through <= 1.7.1.
Explanation of Vulnerability in Simple Terms
02Summary
Image Optimizer by Elementor versions 1.7.1 and earlier lack proper authorization checks, allowing authenticated users to degrade site availability. An attacker with low-level access can trigger resource-intensive operations that impact performance. The vulnerability requires a valid user account but no special privileges. Update to a version newer than 1.7.1 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Trigger resource-intensive operations that degrade site performance or availability.
Potential impact on your site
04Site Impact
Authenticated users can cause denial-of-service conditions affecting site performance.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low-level access to the site.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated