Vulnerabilities > Wpmudev > Smush Image Compression AND Optimization > 3.8.4

DATE CVE VULNERABILITY TITLE RISK
2022-05-30 CVE-2022-1009 Cross-site Scripting vulnerability in Wpmudev Smush Image Compression and Optimization
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting.
network
wpmudev CWE-79
4.3
4.3