Impact
An unauthenticated cross-site scripting (XSS) vulnerability in the WordPress Optimole plugin allows an attacker to inject malicious scripts that execute in the browsers of users who view affected content. This vulnerability is classified as CWE-79.
Affected Systems
The affected software is the WordPress Optimole plugin, a popular image optimization tool. Any WordPress installation running Optimole version 4.2.7 or earlier is susceptible. No specific WordPress core version is required for exploitation.
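To inventory a site against the affected range above, the following added example (not part of the advisory or of the plugin's code) scans a plugins directory for Optimole copies at version 4.2.7 or earlier. It assumes the plugin can be recognised by a `Plugin Name` header containing "Optimole" and that plugins live under the standard `wp-content/plugins` layout; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (4, 2, 7)   # from the advisory: 4.2.7 or earlier is susceptible
HEADER_BYTES = 8192         # WordPress reads plugin headers from the first 8 KB

def parse_version(text):
    """Turn '4.2.7', '4.3' or '4.2.7-beta' into a comparable tuple of ints."""
    nums = [int(p) for p in re.findall(r"\d+", text.split("-")[0])]
    while nums and nums[-1] == 0:   # treat 4.2.7.0 the same as 4.2.7
        nums.pop()
    return tuple(nums)

def read_header(php_file, field):
    """Return the value of a plugin header field such as 'Version', or None."""
    head = php_file.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", head, re.I | re.M)
    return m.group(1).strip() if m else None

def find_affected(plugins_dir):
    """List (path, version) for every Optimole copy at or below 4.2.7."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        # Assumption: the plugin is identified by its "Plugin Name" header.
        name = read_header(php_file, "Plugin Name")
        if not name or "optimole" not in name.lower():
            continue
        version = read_header(php_file, "Version")
        # A missing version header is reported too: it cannot be shown safe.
        if version is None or parse_version(version) <= LAST_AFFECTED:
            hits.append((str(php_file), version))
    return hits

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version in find_affected(target):
        print(f"AFFECTED {path} version={version}")
```

Run it with the path to a site's plugins directory as the only argument; it also picks up deactivated copies, which remain on disk until removed.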
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Attackers can exploit the flaw by submitting a crafted request that injects script code, which is then rendered in the browser of unauthenticated visitors or site administrators, making the vulnerability actionable even without privileged access.