The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T06:49:34.348Z
Updated: 2024-11-06T19:01:00.473Z
Reserved: 2023-12-11T20:57:21.244Z
Link: CVE-2023-6699
Vulnrichment
Updated: 2024-08-02T08:35:14.887Z
NVD
Status : Modified
Published: 2024-01-11T07:15:09.357
Modified: 2024-11-21T08:44:23.127
Link: CVE-2023-6699
Redhat
No data.