CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31924 – WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31924
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Exactly WWW EWWW Image Optimizer. Este problema afecta a EWWW Image Optimizer: desde n/a hasta 7.2.3. The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the check_for_optin() and check_for_optout() functions. • https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2014-6243 – EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6243
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message. Vulnerabilidad de XSS en el plugin EWWW Image Optimizer anterior a 2.0.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro error en la página ewww-image-optimizer.php en wp-admin/options-general.php, lo que no se maneja debidamente en un mensaje de error pngout. WordPress EWWW Image Optimizer plugin version 2.0.1 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/533641/100/0/threaded http://www.securityfocus.com/bid/70190 https://wordpress.org/plugins/ewww-image-optimizer/changelog https://www.htbridge.com/advisory/HTB23234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •