CVE-2023-2117

Name of the Vulnerable Software and Affected Versions The Image Optimizer by 10web WordPress plugin versions prior to 1.0.27

Description The issue allows high-privileged users, such as admins, to inspect names of files and directories outside of the site's root. This is due to the plugin not sanitizing the dir parameter when handling the get subdirs ajax action.

Recommendations For versions prior to 1.0.27, update to version 1.0.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the get subdirs ajax action to minimize the risk of exploitation.