huntr | Akshayravic09yc47 | A1CFE61B-5248-4A73-9A80-0B764EDC9B26
History: May 23, 2022 - 4:16 p.m.

Metadata Is Not Stripped From Images

2022-05-23 16:16:27
akshayravic09yc47
www.huntr.dev

EPSS: 0.001 (Low), Percentile: 30.1%

  1. Hey team, while uploading a site/page logo as an administrator, the metadata of the image (geolocation, device information, version, name, etc.) is not stripped. As a result, an attacker can collect all of the image's metadata using tools like ExifTool, metadata checkers, etc., which are publicly available.

Steps to reproduce:

  1. Upload a site/page logo
  2. Copy the image location and save it, or check the metadata directly with this site: http://exif-viewer.com
  3. All of the information in the image (metadata) will be publicly disclosed

Patch recommendation:

  1. Remove the meta data from uploaded images
