PT-2014-7116 · WordPress · Ewww Image Optimizer
Published: 2014-10-10 · Updated: 2018-10-09
CVE-2014-6243
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EWWW Image Optimizer plugin versions prior to 2.0.2
Description
The issue is a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the error parameter in the "ewww-image-optimizer.php" page to "wp-admin/options-general.php". This is possible because the error parameter is not properly handled in a pngout error message.
Recommendations
For EWWW Image Optimizer plugin versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ewww-image-optimizer.php" page to minimize the risk of exploitation. Avoid using the error parameter in the affected page until the issue is resolved.
Exploit
Fix
XSS
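Added example (not part of the original advisory or the plugin's code): a log check for the request shape given in the description, flagging `error` values that carry HTML metacharacters on the plugin's settings page. The log lines are constructed, and matching a `page` query value ending in `ewww-image-optimizer.php` is an assumption about how the settings page is addressed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed URL of the plugin settings page (path and page name from the advisory).
PAGE = "/wp-admin/options-general.php?page=ewww-image-optimizer.php"

def _line(ip, target):
    """Build a constructed access-log line in combined log format."""
    return f'{ip} - - [10/Oct/2014:10:00:00 +0000] "GET {target} HTTP/1.1" 200 5120'

# Constructed sample log; not real traffic.
SAMPLE_LOG = [
    _line("203.0.113.5", PAGE),
    _line("203.0.113.5", PAGE + "&error=pngout+not+found"),
    _line("198.51.100.9", PAGE + "&error=%3Cb%3Emarker%3C%2Fb%3E"),
    _line("198.51.100.9", PAGE + "&error=%253Cb%253Emarker"),  # double-encoded
    _line("198.51.100.9", "/wp-admin/options-general.php?page=general&error=%3Cb%3E"),
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that need escaping in HTML output

def fully_decode(value, rounds=3):
    """Undo extra layers of percent-encoding (parse_qs removes the first)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return decoded error= values containing markup on the plugin page."""
    match = REQUEST_RE.search(line)
    if match is None:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/wp-admin/options-general.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    if not any(p.endswith("ewww-image-optimizer.php") for p in query.get("page", [])):
        return []
    values = [fully_decode(v) for v in query.get("error", [])]
    return [v for v in values if MARKUP_RE.search(v)]

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    return [(line.split()[0], hit) for line in lines for hit in flag_line(line)]
```

The character class is deliberately conservative, so a benign message containing a quote will also be flagged for review.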
Weakness Enumeration
Related Identifiers
Affected Products
Ewww Image Optimizer