Reflected XSS Vulnerability in WP Compress - Image Optimizer [All-In-One]
CVE-2024-47384
7.1 HIGH
Key Information:
- Vendor: WP Compress
- Product: WP Compress – Image Optimizer [all-in-one]
- CVE Published: 5 October 2024
Summary
A reflected cross-site scripting (XSS) vulnerability exists in WP Compress – Image Optimizer [All-In-One], caused by improper neutralization of input during web page generation. An attacker can use this flaw to execute arbitrary scripts in the context of the user's browser, which can lead to sensitive information disclosure, session hijacking, or further attacks on the affected site. All versions up to and including 6.20.13 are affected, so the issue needs immediate attention.
Affected Version(s)
WP Compress – Image Optimizer [All-In-One] <= 6.20.13
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)