Vulnerabilities > Autoptimize > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-21 | CVE-2021-24377 | Unspecified vulnerability in Autoptimize The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. | 8.1 |
| 2020-09-03 | CVE-2020-24948 | Unrestricted Upload of File with Dangerous Type vulnerability in Autoptimize The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | 7.2 |