CVE-2020-36750
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.List of 646 websites affected by CVE-2020-36750
The domain names are hidden due to the sensitivity of the data. Please click on the "Contact us" button above to get more information.
| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.******.jp |  Japan | **,*** | |
| **********.com |  United States | **,*** | |
| *************.com | United States | ***,*** | |
| *******************.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***********.com |  Germany | ***,*** | |
| *********.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| ************.com |  Netherlands | ***,*** | |
| *************.com | United States | ***,*** | |
| *********.by |  Belarus | ***,*** | |
| *********.sk |  Slovakia | ***,*** | |
| ************.com | United States | ***,*** | |
| ****************.com |  GB | ***,*** | |
| ************.**.jp | Japan | ***,*** | |
| *****.info | Japan | ***,*** | |
| ***********.**.uk | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *********.org |  Switzerland | *,***,*** | |
| ********.me | United States | *,***,*** |