2 matches found
CVE-2023-2117
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing high-privileged users such as admins to inspect names of files and directories outside of the site's root...
PT-2023-17958 · 10Web · The Image Optimizer
Name of the Vulnerable Software and Affected Versions: The Image Optimizer by 10web WordPress plugin versions prior to 1.0.27
Description: The issue allows high-privileged users, such as admins, to inspect names of files and directories outside of the site's root. This is due to the plugin not...