Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-67935
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months ago
  • @LeSuisse removed
    10 packages
    • pngoptimizer
    • meshoptimizer
    • openorbitaloptimizer
    • elmPackages.elm-optimize-level-2
    • akkuPackages.cyclone-iset-optimize
    • haskellPackages.amazonka-compute-optimizer
    • python312Packages.mypy-boto3-compute-optimizer
    • python313Packages.mypy-boto3-compute-optimizer
    • python312Packages.types-aiobotocore-compute-optimizer
    • python313Packages.types-aiobotocore-compute-optimizer
    2 months ago
  • @LeSuisse dismissed 2 months ago
WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4.

References

Affected products

optimizewp
  • =<< 2.4 
WP theme not present in nixpkgs