Описание
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Ссылки
- Patch
- ProductThird Party Advisory
- Patch
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.10.33 (включая)
cpe:2.3:a:wpcompress:wp_compress:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 87%
0.03375
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.1
github
около 2 лет назад
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
EPSS
Процентиль: 87%
0.03375
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22