2 matches found
CVE-2021-24378
The CVE concerns the WordPress Autoptimize plugin prior to version 2.7.8. It does not validate for malicious files (e.g., .html) inside archives uploaded via the Import Settings feature. A high-privilege user could upload a crafted archive containing JavaScript in index.html inside the plugin dir...
CVE-2021-24378 Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...