CVE-2023-2122
Published 2023-08-16
Priority: P3 / 34 · Severity: medium · CVSS 3.1: 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.85% (53.5th percentile)
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel. This leads to a reflected Cross-Site Scripting vulnerability that allows an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 10web | image_optimizer | < 1.0.27 | 1.0.27 |
No detection rules found.
Nuclei
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-2122 [MEDIUM] Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
Image Optimizer by 10web ")'
- 'contains(body_2, "Image optimizer")'
condition: and
# digest: 4a0a0047304502203f7c81070e25ec44d78959290cef1be2c5b40fe8d2a58638209f92116b8eef1a022100fb5d4405991cc3d98386b705e903a9350e4b13bb72475efde21eb1d17b9cf82a:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.