Directory Traversal Vulnerability in WP Compress – Image Optimizer for WordPress
CVE-2023-6699

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WP Compress – Image Optimizer [All-In-One]
Vendor: CVE Published:; 11 January 2024

Summary

The WP Compress – Image Optimizer plugin for WordPress is susceptible to a directory traversal vulnerability via the css parameter. This flaw exists in all versions up to and including 6.10.33, allowing unauthenticated attackers to potentially read the content of arbitrary files on the server. Consequently, this could expose sensitive information, posing significant risks to website security and data integrity. Users of the plugin are advised to take immediate action to secure their installations.

Affected Version(s)

WP Compress – Image Optimizer [All-In-One] * <= 6.10.33

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Dec 11, 2023

Credit

Krzysztof Zając