CVE-2023-6699

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpcompress:wp_compress:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= - Patch () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve - Product, Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve - Product, Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 9.1

17 Jan 2024, 00:02

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve - Product, Third Party Advisory
CPE cpe:2.3:a:wpcompress:wp_compress:*:*:*:*:*:wordpress:*:*
First Time Wpcompress
Wpcompress wp Compress
CWE CWE-22
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.5

11 Jan 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) El complemento WP Compress – Image Optimizer [All-In-One] para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 6.10.33 incluida a través del parámetro css. Esto hace posible que atacantes no autenticados lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.

11 Jan 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 07:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6699

Mitre link : CVE-2023-6699

CVE.ORG link : CVE-2023-6699


JSON object : View

Products Affected

wpcompress

  • wp_compress
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')