Filtered by vendor Autoptimize
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24378 | 1 Autoptimize | 1 Autoptimize | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
| The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory. | |||||
| CVE-2021-24332 | 1 Autoptimize | 1 Autoptimize | 2021-05-28 | 3.5 LOW | 4.8 MEDIUM |
| The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues | |||||