CVE-2023-2122

Name of the Vulnerable Software and Affected Versions Image Optimizer by 10web WordPress plugin version 1.0.26 and earlier

Description The issue is related to the Image Optimizer by 10web WordPress plugin, which does not properly sanitise and escape the iowd tabs active parameter before rendering it in the plugin admin panel. This leads to a reflected Cross-Site Scripting issue, allowing an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link. The vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks.

Recommendations For versions prior to 1.0.27, update to version 1.0.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin admin panel to minimize the risk of exploitation. Avoid using the iowd tabs active parameter in the affected plugin admin panel until the issue is resolved.