2 matches found
CVE-2023-2122
CVE-2023-2122 concerns the Image Optimizer by 10web WordPress plugin (versions up to 1.0.26). It is vulnerable to reflected XSS via the iowd_tabs_active parameter, which is insufficiently sanitized/escaped before being rendered in the plugin admin panel. The impact is that an attacker could lu...
CVE-2023-2117
CVE-2023-2117 affects the WordPress plugin Image Optimizer by 10web (versions before 1.0.27). The issue comes from the plugin not sanitizing the dir parameter during the get_subdirs AJAX action, enabling high-privilege users (e.g., admins) to enumerate file and directory names outside the site ro...