WordPress Plugin Vulnerabilities

EWWW Image Optimizer <= 2.8.3 - Remote Code Execution

Description

The EWWW Image Optimizer WordPress plugin was affected by a Remote Code Execution security vulnerability.

Affects Plugins

Plugin icon
ewww-image-optimizer
Fixed in 2.8.4

References

CVE
CVE-2016-20010
URL
https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/
URL
https://plugins.trac.wordpress.org/changeset/1433803/ewww-image-optimizer

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Verified
No
WPVDB ID
a7a49793-f1ba-483c-9b10-45e0a7ca42e6

Timeline

Publicly Published
2016-06-09 (about 9 years ago)
Added
2016-06-09 (about 9 years ago)
Last Updated
2021-05-06 (about 5 years ago)

Other

Published
Title
Published
2020-02-18
Title
ThemeREX Addons - Remote Code Execution
Published
2025-03-26
Title
PDF for WPForms < 5.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2024-03-13
Title
Multiple Page Generator Plugin – MPG < 3.4.1 - Authenticated (Editor+) Remote Code Execution
Published
2025-08-07
Title
Code Engine < 0.3.4 - Authenticated (Contributor+) Remote Code Execution
Published
2025-01-03
Title
WordPress Popular Posts < 7.2.0 - Unauthenticated Arbitrary Shortcode Execution