cvedb.io
CVE-2023-2117
LOW · CVSS 2.7
EPSS exploitation probability: 0%
Published 2023-05-30T08:15:09.963 · Last modified 2026-06-17T05:51:26.683

Summary

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs AJAX action, allowing high-privileged users such as admins to inspect the names of files and directories outside of the site's root.

Affected products

10web — image_optimizer

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.