CVE Published: 30/05/2023
CVE Updated: 02/08/2024
CVE Year: 2023
Source: WPScan
Vendor: Unknown
Product: Image Optimizer by 10web
Status: PUBLISHED
CVE-2023-2117 Description
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs AJAX action, allowing high-privileged users such as admins to inspect the names of files and directories outside of the site's root.