Cross-Site Scripting Vulnerability in EWWW Image Optimizer for WordPress
CVE-2014-6243

Currently unrated

Key Information:

Vendor: Wordpress
Status: Ewww Image Optimizer Plugin
Vendor: CVE Published:; 10 October 2014

Summary

The EWWW Image Optimizer plugin for WordPress is susceptible to cross-site scripting (XSS) attacks. This vulnerability permits unauthorized attackers to inject arbitrary web scripts or HTML into the website through the 'error' parameter in the ewww-image-optimizer.php page when accessed via wp-admin/options-general.php. The flaw in error handling can lead to the execution of malicious code, compromising the integrity and security of the affected WordPress site.

References

http://www.securityfocus.com/bid/70190

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/533641/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://wordpress.org/plugins/ewww-image-optimizer/changelog

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
Sep 4, 2014