Security Advisory

CVE-2023-2117

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-30 07:49:17

Last updated 2025-01-10 20:55:18

Assigner WPScan

State PUBLISHED

Description

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.

← Browse all CVEs View on cve.org ↗