Security Advisory

CVE-2023-2113

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-30 07:49:13

Last updated 2025-01-10 21:05:32

Assigner WPScan

State PUBLISHED

Description

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup.

← Browse all CVEs View on cve.org ↗