Unauthorized Data Modification Vulnerability in Quicq Image Optimization Plugin for WordPress
CVE-2025-12015

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Convert Webp & Avif | Quicq | Best Image Optimizer And Compression Plugin | Improve Your Google Pagespeed
Vendor
CVE Published:
13 November 2025

What is CVE-2025-12015?

The Convert WebP & AVIF | Quicq image optimization plugin for WordPress is susceptible to unauthorized data modification. This vulnerability arises from a missing capability check on the 'wp_ajax_wpqai_disconnect_quicq_afosto' AJAX endpoint, affecting all versions up to and including 2.0.0. As a result, authenticated attackers with Subscriber-level access or higher can exploit this weakness to disconnect Afosto, potentially compromising the integrity of site configurations. It is essential for users to apply updates to safeguard against this issue.

Affected Version(s)

Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed * <= 2.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/quicq/

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abhirup Konwar
JSON
.
CVE-2025-12015 : Unauthorized Data Modification Vulnerability in Quicq Image Optimization Plugin for WordPress