CVE-2022-1009 – Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1009
03 May 2022 — The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file. • https://wpscan.com/vulnerability/bb5af08f-bb19-46a1-a7ac-8381f428c11e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15079 – Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-15079
21 Sep 2017 — The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. • https://wordpress.org/plugins/wp-smushit/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')