QwikSec

Security Database

CVE

CWE

Training

CVE-2014-6243

Published: Oct 10, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20141008 Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin

mailing-list

x_refsource_BUGTRAQ

https://wordpress.org/plugins/ewww-image-optimizer/changelog

x_refsource_CONFIRM

http://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html

x_refsource_MISC

https://www.htbridge.com/advisory/HTB23234

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.