The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs AJAX action, allowing high-privileged users such as admins to inspect the names of files and directories outside of the site's root.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-30T07:49:17.892Z
Updated: 2024-08-02T06:12:20.449Z
Reserved: 2023-04-17T12:36:12.389Z
Link: CVE-2023-2117
NVD
Status: Modified
Published: 2023-05-30T08:15:09.963
Modified: 2024-11-21T07:57:58.170
Link: CVE-2023-2117