Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Wpmudev Subscribe
Filtered by product Smush Image Compression And Optimization
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1009 1 Wpmudev 1 Smush Image Compression And Optimization 2022-06-08 4.3 MEDIUM 6.1 MEDIUM
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file
CVE-2017-15079 1 Wpmudev 1 Smush Image Compression And Optimization 2017-10-13 5.0 MEDIUM 7.5 HIGH
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.