Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.

N/A

N/A

WordPress Plugin Image Optimizer by 10web 跨站脚本漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Image Optimizer by 10web 1.0.27之前版本存在跨站脚本漏洞，该漏洞源于参数iowd_tabs_active存在反射型跨站脚本（XSS）漏洞。

N/A

N/A