Vulnerabilities > Wpmudev > Smush Image Compression AND Optimization

DATE CVE VULNERABILITY TITLE RISK
2022-05-30 CVE-2022-1009 Cross-site Scripting vulnerability in Wpmudev Smush Image Compression and Optimization
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting.
network
wpmudev CWE-79
4.3
2017-10-06 CVE-2017-15079 Path Traversal vulnerability in Wpmudev Smush Image Compression and Optimization
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
network
low complexity
wpmudev CWE-22
5.0