Security Advisory

CVE-2023-2122

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-16 11:03:20

Last updated 2024-10-08 19:57:23

Assigner WPScan

State PUBLISHED

Description

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.

← Browse all CVEs View on cve.org ↗