Lucene search

WpvulndbWPVDB-ID:F05AE683-252A-43DA-982F-4C7F923BE28A

HistoryMay 20, 2024 - 12:00 a.m.

JCH Optimize < 4.2.1 - Authenticated (Subscriber+) Directory Traversal

2024-05-2000:00:00

wpscan.com

jch optimize

wordpress

vulnerable

directory traversal

authenticated

access

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

10.5%

JSON

Description The JCH Optimize plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to access directory information on the Optimize Image page.

References

www.wordfence.com/threat-intel/vulnerabilities/id/b08194e9-6e6e-484c-bc5b-87235379d3b1

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

10.5%

JSON

Related for WPVDB-ID:F05AE683-252A-43DA-982F-4C7F923BE28A