3 matches found
CVE-2023-2117
CVE-2023-2117 affects the WordPress plugin Image Optimizer by 10web (versions before 1.0.27). The issue comes from the plugin not sanitizing the dir parameter during the get_subdirs AJAX action, enabling high-privilege users (e.g., admins) to enumerate file and directory names outside the site ro...
CVE-2023-2117 Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...
WordPress Image Optimizer by 10web Plugin < 1.0.27 is vulnerable to Directory Traversal
Software Image Optimizer by 10web Type Plugin Vulnerable versions 1.0.27 Fixed in 1.0.27 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2117 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dd4f37114439 Credits Chien Vuong Required privilege...