CVE-2023-2113
Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high-privileged users (such as an administrator) to inject arbitrary JavaScript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup.
We have discovered 9,625 live websites that are affected by CVE-2023-2113.
Affected Software
| | |
|---|---|
| Product | Autoptimize |
| Category | Widgets |
| Vulnerable Versions | |
| Total Vulnerable Versions | 1,307 |
| Vulnerable Domains | 9,625 live websites (12.96% of Autoptimize install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')