cbcvebase.
CVE-2023-2122
published 2023-08-16

CVE-2023-2122: The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin…

PriorityP334medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.85%
53.5th percentile
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.

Affected

1 ranges
VendorProductVersion rangeFixed in
10webimage_optimizer< 1.0.271.0.27
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.