CVE-2023-6699
CRITICALDescription
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Is your site exposed to CVE-2023-6699?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| wpcompress | wp_compress |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2023-6699? +
How severe is CVE-2023-6699? +
What products are affected by CVE-2023-6699? +
How do I check if I'm vulnerable to CVE-2023-6699? +
Related Vulnerabilities
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs …
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller …
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in …
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing …