WP Compress < 6.10.34 – Unauthenticated Arbitrary File Read | CVE 2023-6699

Affects Plugins

wp-compress-image-optimizer

Fixed in 6.10.34

References

CVE

CVE-2023-6699

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

8.6 (high)

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

8b99caba-98eb-4158-af11-317a1b9bad06

Timeline

Publicly Published

2024-01-03 (about 2 years ago)

Added

2024-01-03 (about 2 years ago)

Last Updated

2024-01-03 (about 2 years ago)

Other

Published

Title

Published

2024-04-04

Title

ARMember < 4.0.28 - Directory Traversal via X-FILENAME

Published

2024-08-16

Title

BackWPup < 4.0.2 - Admin+ Directory Traversal

Published

2022-08-22

Title

WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read

Published

2022-03-01

Title

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

Published

2022-05-16

Title

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal