cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4445,https://securityvulnerability.io/vulnerability/CVE-2024-4445,Unauthorized Modification of Data in WP Compress Image Optimizer Plugin,"The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments.",Wordpress,WP Compress – Image Optimizer [all-in-one],6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T05:32:59.624Z,0
CVE-2023-6812,https://securityvulnerability.io/vulnerability/CVE-2023-6812,Unauthenticated Open Redirect Vulnerability in WP Compress Image Optimizer,"The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",Wordpress,WP Compress – Image Optimizer [all-in-one],4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T02:01:28.913Z,0
CVE-2024-1934,https://securityvulnerability.io/vulnerability/CVE-2024-1934,Unauthorized Data Modification in WP Compress Image Optimizer Plugin for WordPress,"The WP Compress – Image Optimizer plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the 'wps_local_compress::__construct' function. This vulnerability affects all versions up to and including 6.11.10, enabling unauthenticated attackers to reset the CDN region and maliciously alter the image delivery URL. This can lead to potential exploitation where attackers can serve inappropriate or harmful content through compromised images.",Wordpress,WP Compress – Image Optimizer [all-in-one],7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:05.625Z,0
CVE-2023-6699,https://securityvulnerability.io/vulnerability/CVE-2023-6699,Directory Traversal Vulnerability in WP Compress – Image Optimizer for WordPress,"The WP Compress – Image Optimizer plugin for WordPress is susceptible to a directory traversal vulnerability via the css parameter. This flaw exists in all versions up to and including 6.10.33, allowing unauthenticated attackers to potentially read the content of arbitrary files on the server. Consequently, this could expose sensitive information, posing significant risks to website security and data integrity. Users of the plugin are advised to take immediate action to secure their installations.",Wordpress,WP Compress – Image Optimizer [All-In-One],7.5,HIGH,0.0012799999676644802,false,,false,false,false,,false,false,2024-01-11T06:49:34.348Z,0