Smush Image Compression and Optimization <= 2.7.5 – File Transversal | CVE 2017-15079

Affects Plugins

wp-smushit

Fixed in 2.7.6

References

CVE

CVE-2017-15079

URL

https://plugins.trac.wordpress.org/changeset/1740658/wp-smushit

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

7.5 (high)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

ad29f678-56cd-49b7-9d2e-7a0c4de930a8

Timeline

Publicly Published

2017-09-21 (about 8 years ago)

Added

2017-10-09 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-10-30

Title

Zombify < 1.7.6 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read

Published

2017-06-22

Title

WP Rocket <= 2.10.3 - Local File Inclusion (LFI)

Published

2024-01-26

Title

Backuply – Backup, Restore, Migrate and Clone < 1.2.4 - Admin+ Directory Traversal

Published

2023-11-05

Title

LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion

Published

2021-06-09

Title

Motor theme < 3.1.0 - Unauthenticated Local File Inclusion