PT-2024-15056 · WordPress · Wp Compress – Image Optimizer

Krzysztof Zając · Published 2024-01-05 · Updated 2024-01-17 · CVE-2023-6699

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

WP Compress – Image Optimizer [All-In-One] plugin for WordPress versions up to, and including, 6.10.33

Description

The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, via the css parameter. This is a Directory Traversal vulnerability.

Recommendations

For WP Compress – Image Optimizer [All-In-One] plugin for WordPress versions up to, and including, 6.10.33, update to a version later than 6.10.33 to resolve the issue. As a temporary workaround, consider restricting access to the css parameter to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2023-6699

Affected Products: Wp Compress – Image Optimizer