Vulnerabilites related to Unknown - Autoptimize
CVE-2021-24377 (GCVE-0-2021-24377)
Vulnerability from cvelistv5
Published
2021-06-21 19:18
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Summary
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 2.7.8 < 2.7.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.8",
"status": "affected",
"version": "2.7.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcin W\u0119g\u0142owski"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the \u0027Import Settings\u0027 feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:23",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autoptimize \u003c 2.7.8 - Race Condition leading to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24377",
"STATE": "PUBLIC",
"TITLE": "Autoptimize \u003c 2.7.8 - Race Condition leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.8",
"version_value": "2.7.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcin W\u0119g\u0142owski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the \u0027Import Settings\u0027 feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24377",
"datePublished": "2021-06-21T19:18:23",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24376 (GCVE-0-2021-24376)
Vulnerability from cvelistv5
Published
2021-06-21 19:18
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/93edcc23-894a-46c2-84d2-407dcb64ba1e | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 2.7.8 < 2.7.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/93edcc23-894a-46c2-84d2-407dcb64ba1e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.8",
"status": "affected",
"version": "2.7.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcin W\u0119g\u0142owski"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the \"Import Settings\" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the \"Import Settings\" functionality to achieve Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:22",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/93edcc23-894a-46c2-84d2-407dcb64ba1e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autoptimize \u003c 2.7.8 - Arbitrary File Upload via \"Import Settings\"",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24376",
"STATE": "PUBLIC",
"TITLE": "Autoptimize \u003c 2.7.8 - Arbitrary File Upload via \"Import Settings\""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.8",
"version_value": "2.7.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcin W\u0119g\u0142owski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the \"Import Settings\" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the \"Import Settings\" functionality to achieve Remote Code Execution."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/93edcc23-894a-46c2-84d2-407dcb64ba1e",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/93edcc23-894a-46c2-84d2-407dcb64ba1e"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24376",
"datePublished": "2021-06-21T19:18:22",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24378 (GCVE-0-2021-24378)
Vulnerability from cvelistv5
Published
2021-06-21 19:18
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/375bd694-1a30-41af-bbd4-8a8ee54f0dbf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 2.7.8 < 2.7.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/375bd694-1a30-41af-bbd4-8a8ee54f0dbf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.8",
"status": "affected",
"version": "2.7.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcin W\u0119g\u0142owski"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the \u0027Import Settings\u0027 feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:24",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/375bd694-1a30-41af-bbd4-8a8ee54f0dbf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autoptimize \u003c 2.7.8 - Authenticated Stored XSS via File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24378",
"STATE": "PUBLIC",
"TITLE": "Autoptimize \u003c 2.7.8 - Authenticated Stored XSS via File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.8",
"version_value": "2.7.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcin W\u0119g\u0142owski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the \u0027Import Settings\u0027 feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/375bd694-1a30-41af-bbd4-8a8ee54f0dbf",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/375bd694-1a30-41af-bbd4-8a8ee54f0dbf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24378",
"datePublished": "2021-06-21T19:18:24",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24332 (GCVE-0-2021-24332)
Vulnerability from cvelistv5
Published
2021-05-24 10:58
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 2.8.4 < 2.8.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.4",
"status": "affected",
"version": "2.8.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T10:58:05",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autoptimize \u003c 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24332",
"STATE": "PUBLIC",
"TITLE": "Autoptimize \u003c 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.4",
"version_value": "2.8.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24332",
"datePublished": "2021-05-24T10:58:05",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4057 (GCVE-0-2022-4057)
Vulnerability from cvelistv5
Published
2023-01-02 21:49
Modified
2025-04-10 17:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/95ee1b9c-1971-4c35-8527-5764e9ed64af | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 0 < 3.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/95ee1b9c-1971-4c35-8527-5764e9ed64af"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T17:57:39.431154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T17:58:03.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Raad Haddad of Cloudyrion GmbH"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin\u0027s exported settings and logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T07:44:54.231Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/95ee1b9c-1971-4c35-8527-5764e9ed64af"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Autoptimize \u003c 3.1.0 - Sensitive Data Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4057",
"datePublished": "2023-01-02T21:49:37.650Z",
"dateReserved": "2022-11-18T10:47:28.021Z",
"dateUpdated": "2025-04-10T17:58:03.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2635 (GCVE-0-2022-2635)
Vulnerability from cvelistv5
Published
2022-09-16 08:40
Modified
2024-08-03 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Summary
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 3.1.1 < 3.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "3.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T08:40:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Autoptimize \u003c 3.1.1 - Admin+ Stored Cross Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2635",
"STATE": "PUBLIC",
"TITLE": "Autoptimize \u003c 3.1.1 - Admin+ Stored Cross Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1.1",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2635",
"datePublished": "2022-09-16T08:40:30",
"dateReserved": "2022-08-03T00:00:00",
"dateUpdated": "2024-08-03T00:46:03.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2113 (GCVE-0-2023-2113)
Vulnerability from cvelistv5
Published
2023-05-30 07:49
Modified
2025-01-10 21:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011 | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Autoptimize |
Version: 0 < 3.1.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2113",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T21:05:27.587707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:05:32.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Autoptimize",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juampa Rodr\u00edguez"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T07:49:13.137Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Autoptimize \u003c 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-2113",
"datePublished": "2023-05-30T07:49:13.137Z",
"dateReserved": "2023-04-17T09:11:02.125Z",
"dateUpdated": "2025-01-10T21:05:32.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}