CVE-2023-6699
🟠 Patch this week
The WP Compress plugin allows attackers to read server files via Directory Traversal.
CVSS
9.1
EPSS
3.4%
Exploit
none
Vendor
wpcompress
Source description (NVD)
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
path-traversal
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.1 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 3.4% |
| Published (NVD) | 2024-01-11 07:15:09 UTC |
| Last modified (NVD) | 2026-04-08 19:18:58 UTC |
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= (security@wordfence.com) [Patch]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve (security@wordfence.com) [Product, Third Party Advisory]