256 matches found
CVE-2022-2635
The CVE-2022-2635 issue affects the WordPress Autoptimize plugin prior to 3.1.1. The root cause is inadequate sanitisation/escaping of certain settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The ...
CVE-2022-2635 Autoptimize < 3.1.1 - Admin+ Stored Cross Site Scripting
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
WordPress plugin Autoptimize cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Autoptimize Plugin <= 3.1.0 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in Autoptimize versions <= 3.1.0. Solution: Update the WordPress Autoptimize plugin to the latest available version (at least 3.1.1)...
WordPress Autoptimize Plugin < 2.8.4 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:autoptimize:autoptimize"; ifdescription...
WordPress Autoptimize Plugin < 2.7.8 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:autoptimize:autoptimize"; ifdescription...
CVE-2021-24376
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...
CVE-2021-24378
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...
CVE-2021-24377
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...
Race condition
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...
Design/Logic Flaw
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...
Design/Logic Flaw
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...
CVE-2021-24378
The CVE concerns the WordPress Autoptimize plugin prior to version 2.7.8. It does not validate for malicious files (e.g., .html) inside archives uploaded via the Import Settings feature. A high-privilege user could upload a crafted archive containing JavaScript in index.html inside the plugin dir...
CVE-2021-24378 Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...
CVE-2021-24377 Autoptimize < 2.7.8 - Race Condition leading to RCE
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...
CVE-2021-24377
The CVE-2021-24377 entry relates to the WordPress Autoptimize plugin (versions before 2.7.8). The issue arises during the Import Settings workflow: malicious files are attempted to be removed after extraction, but a race condition between disk extraction and removal can permit a Remote Code Execu...
CVE-2021-24376 Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...