First published: Wed Aug 16 2023
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel. This leads to a reflected Cross-Site Scripting vulnerability that allows an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Image Optimizer | <1.0.27 | Update to 1.0.27 or later |
The vulnerability ID is CVE-2023-2122.
The affected software is the Image Optimizer by 10web WordPress plugin before version 1.0.27.
The severity of CVE-2023-2122 is medium.
CVE-2023-2122 allows an attacker to perform a reflected Cross-Site Scripting (XSS) attack on the plugin admin panel.
To fix CVE-2023-2122, update the Image Optimizer by 10web WordPress plugin to version 1.0.27 or later.
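Because the vulnerable value arrives in the query string, web server access logs show whether links carrying markup in iowd_tabs_active were requested before the update. The script below is an added example, not code from the plugin or from WPScan; it assumes combined-format logs and that a legitimate tab value is a short slug, and the sample lines, including the `PLUGIN_PAGE` placeholder, are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

PARAM = "iowd_tabs_active"
# Assumption: a legitimate tab identifier is a short slug; anything else is suspicious.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,64}")
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; PLUGIN_PAGE stands in for the real admin page slug.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Aug/2023:10:00:00 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&iowd_tabs_active=tab_one HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Aug/2023:10:01:00 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&iowd_tabs_active=%22%3E%3Csvg%20onload%3D1%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [16/Aug/2023:10:02:00 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&iowd_tabs_active=%2522%253E%253Cb%253E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [16/Aug/2023:10:03:00 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 900',
]


def suspicious_values(log_line):
    """Return decoded iowd_tabs_active values in one log line that are not plain slugs."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    # parse_qsl percent-decodes once; decode again to catch double-encoded values.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != PARAM:
            continue
        decoded = unquote_plus(value)
        if not SAFE_VALUE.fullmatch(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (line_number, decoded_value) for every suspicious parameter value."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_values(line)]


if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {PARAM} value: {value!r}")
```

A hit only shows that such a link was requested; correlate it with the referrer, the admin session and the plugin version installed at that time before treating it as an incident.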