Lucene search
K

345 matches found

OSV
OSV
added 2024/01/11 7:15 a.m.6 views

CVE-2023-6699

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS7.4AI score0.0087EPSS
Exploits0References2
Prion
Prion
added 2024/01/11 7:15 a.m.25 views

Directory traversal

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

5CVSS7AI score0.0087EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/11 6:49 a.m.33 views

CVE-2023-6699 WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

9.1CVSS9.1AI score0.0087EPSS
Exploits0References2
CVE
CVE
added 2024/01/11 6:49 a.m.65 views

CVE-2023-6699

CVE-2023-6699 affects the WP Compress – Image Optimizer [All-In-One] WordPress plugin. All versions up to and including 6.10.33 are vulnerable to directory traversal via the css parameter, allowing unauthenticated attackers to read arbitrary server files. Wordfence and other sources note a patch/...

9.1CVSS7.4AI score0.0087EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/12/04 12:0 a.m.17 views

WordPress EWWW Image Optimizer Plugin < 7.2.1 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ewww:imageoptimizer"; if description...

7.5CVSS7AI score0.02036EPSS
Exploits1References1
NVD
NVD
added 2023/11/30 3:15 p.m.28 views

CVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

7.5CVSS0.02036EPSS
Exploits1References1
OSV
OSV
added 2023/11/30 3:15 p.m.31 views

CVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

7.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2023/11/30 3:15 p.m.35 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

5CVSS7.1AI score0.02036EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 3:0 p.m.14 views

CVE-2023-40600 WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

5.3CVSS7.8AI score0.02036EPSS
Exploits1References1
CVE
CVE
added 2023/11/30 3:0 p.m.100 views

CVE-2023-40600

Affected software: WordPress EWWW Image Optimizer plugin ≤ 7.2.0. Vulnerability: Sensitive information exposure via the debug_log function, allowing unauthenticated access to sensitive debug data when debug logging is enabled. Root cause/vector: debug_log writes internal data to logs accessible t...

7.5CVSS7.8AI score0.02036EPSS
In wildExploits1References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 3:0 p.m.31 views

CVE-2023-40600 WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

5.3CVSS7.7AI score0.02036EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.7 views

WordPress Plugin EWWW Image Optimizer Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS6.2AI score0.02036EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.18 views

EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log

Description The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...

7.5CVSS6.9AI score0.02036EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.7 views

EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure

Description The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...

6.8AI score
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2023/11/20 7:5 p.m.41 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ewww Image_Optimizer

CVE-2023-40600 EWWW Image Optimizer = 7.2.0 - Unauthentica...

7.5CVSS8.5AI score0.02036EPSS
Exploits1
Fedora
Fedora
added 2023/11/14 1:10 a.m.25 views

[SECURITY] Fedora 37 Update: optipng-0.7.8-1.fc37

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...

7.8CVSS7.7AI score0.00518EPSS
Exploits1
Patchstack
Patchstack
added 2023/11/14 12:0 a.m.23 views

WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Software EWWW Image Optimizer Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-40600 Patch priority Medium CVSS severity Medium 5.3 Developer Exactly WWW LLC PSID e83c448240a2 Credits Mika Required...

7.5CVSS6.4AI score0.02036EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/01 12:0 a.m.5 views

The vulnerability of the Image Optimizer plugin by 10web, a content management system for WordPress, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Image Optimizer plugin of the 10web content management system for WordPress is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

6.4CVSS6.7AI score0.0085EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/15 12:0 a.m.4 views

WordPress ShortPixel Image Optimizer Plugin < 5.4.2 is vulnerable to PHP Object Injection

Software ShortPixel Image Optimizer Type Plugin Vulnerable versions 5.4.2 Fixed in 5.4.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority Low CVSS severity Low 6.6 Developer ShortPixel PSID 5232103a110b Credits Unknown Required privilege Editor Published 15...

7.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/16 12:15 p.m.4 views

CVE-2023-2122

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary...

6.1CVSS7.5AI score0.0085EPSS
Exploits2References1
Rows per page
Query Builder