Description

WordPress Plugin EWWW Image Optimizer is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to prevent the browsing session for a user, thus denying service to legitimate users. WordPress Plugin EWWW Image Optimizer version 6.0.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 6.0.2 or latest

References

https://gist.github.com/mmmdzz/03df5177afd04b32ac190eb7907f3834

https://plugins.svn.wordpress.org/ewww-image-optimizer/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin NewStatPress Multiple Vulnerabilities (0.9.8)

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2)

WordPress Plugin PWAMP PHP Object Injection (1.0.0)

WordPress Plugin Table Maker Multiple Vulnerabilities (1.7)

WordPress Plugin Traffic Analyzer Cross-Site Scripting (3.3.2)

Severity

High

Classification

CVE-2020-29384 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service