漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection
Vulnerability Description
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove() function where backup file paths stored in post meta are used directly in file deletion operations without verifying they are within the uploads directory. The plugin stores backup file paths in the image_optimizer_metadata post meta field and trusts these paths completely when deleting backups on the delete_attachment hook. An authenticated attacker with Author-level access can edit the image_optimizer_metadata post meta on their own attachments via WordPress's Custom Fields interface, injecting arbitrary absolute file paths into the backups array. When the attacker subsequently deletes the attachment, the plugin calls File_System::delete() on each path without validation. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server within the web server's filesystem permissions, potentially leading to denial of service, data loss, or security degradation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Elementor Image Optimizer – Optimize Images and Convert to WebP or AVIF 输入验证错误漏洞
Vulnerability Description
Elementor Image Optimizer – Optimize Images and Convert to WebP or AVIF是以色列Elementor公司的一款WordPress图像优化插件。 Elementor Image Optimizer – Optimize Images and Convert to WebP or AVIF 1.7.4及之前版本存在输入验证错误漏洞,该漏洞源于Image_Backup::remove()函数中路径验证不足,备份文件路径存储在post meta中
CVSS Information
N/A
Vulnerability Type
N/A