10Web Image Optimizer vulnerabilities
2 known vulnerabilities affecting 10web/image_optimizer.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2023-2122 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 1.0.27 | 2023-08-16
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability that allows an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link.
nvd
CVE-2023-2117 | P4 | LOW | CVSS 2.7 | CWE-22 | fixed in 1.0.27 | 2023-05-30
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing high-privileged users such as admins to inspect names of files and directories outside of the site's root.
nvd