CVE-2026-4335 | ShortPixel Image Optimizer Plugin up to 6.4.3 on WordPress REST API media-popup.php getEditorPopup cross site scripting

A vulnerability identified as problematic has been detected in ShortPixel Image Optimizer Plugin up to 6.4.3 on WordPress. Impacted is the function getEditorPopup of the file media-popup.php of the component REST API. Performing a manipulation results in cross site scripting.

This vulnerability was named CVE-2026-4335. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More