Vulnerabilities > CVE-2023-2117 - Unspecified vulnerability in 10Web Image Optimizer

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

10web

NVD

Published: 2023-05-30

Updated: 2023-11-07

Summary

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.

Vulnerable Configurations

Part	Description	Count
Application	10Web 10Web Image Optimizer *	1

References

https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3