github - ghsa-4mwh-2xx5-5vp9

ghsa-4mwh-2xx5-5vp9

Vulnerability from github

Published

2024-05-14 18:30

Modified

2025-08-09 03:31

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-6812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T16:15:51Z",
    "severity": "MODERATE"
  },
  "details": "The WP Compress \u2013 Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the \u0027css\u0027 parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",
  "id": "GHSA-4mwh-2xx5-5vp9",
  "modified": "2025-08-09T03:31:06Z",
  "published": "2024-05-14T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6812"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3082085/wp-compress-image-optimizer/trunk/fixCss.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-6812 (GCVE-0-2023-6812)

Vulnerability from cvelistv5

Published

2024-05-14 02:01

Modified

2024-08-02 08:42

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Summary

References

▼	URL	Tags
	https://www.wordfence.com/threat-intel/vulnerabilities/id/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve
	https://plugins.trac.wordpress.org/changeset/3082085/wp-compress-image-optimizer/trunk/fixCss.php

Impacted products

	Vendor	Product	Version
	smartersite	WP Compress – Image Optimizer [All-In-One]	Version: * ≤ 6.20.01

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6812",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T16:12:56.476945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:00.493Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:07.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3082085/wp-compress-image-optimizer/trunk/fixCss.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP Compress \u2013 Image Optimizer [All-In-One]",
          "vendor": "smartersite",
          "versions": [
            {
              "lessThanOrEqual": "6.20.01",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Compress \u2013 Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the \u0027css\u0027 parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T02:01:28.913Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3082085/wp-compress-image-optimizer/trunk/fixCss.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-13T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "WP Compress \u2013 Image Optimizer [All-In-One] \u003c= 6.20.01 - Open Redirect via css"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-6812",
    "datePublished": "2024-05-14T02:01:28.913Z",
    "dateReserved": "2023-12-13T22:06:18.460Z",
    "dateUpdated": "2024-08-02T08:42:07.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted