The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NWpcompress Wp Compress
APPWpcompress< 6.11.11
Powiązane podatności
Path Traversal w pluginie WP Compress dla WordPress — odczyt plików bez uwierzytelnienia
Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross...
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT W...
Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abus...