CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31924 – WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31924
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Exactly WWW EWWW Image Optimizer. Este problema afecta a EWWW Image Optimizer: desde n/a hasta 7.2.3. The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the check_for_o... • https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 12%CPEs: 1EXPL: 1CVE-2023-40600 – WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-40600
14 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Exactly WWW EWWW Image Optimizer. Solo funciona cuando debug.log está activado. Este problema afecta a EWWW Image Optimizer: desde n/a hasta 7.2.0. • https://github.com/RandomRobbieBF/CVE-2023-40600 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36750 – EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36750
06 Sep 2020 — The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2016-20010 – EWWW Image Optimizer <= 2.8.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-20010
08 Jun 2016 — EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. EWWW Image Optimizer versiones anteriores a 2.8.5, permite una ejecución de comandos remota porque es basada en un mecanismo de protección que involucra boolval, que no está disponible antes de PHP versión 5.5 EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which i... • https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2014-6243 – EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6243
09 Oct 2014 — Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message. Vulnerabilidad de XSS en el plugin EWWW Image Optimizer anterior a 2.0.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro e... • https://packetstorm.news/files/id/128621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •