CyberSec.Space Logo
Back to CVE Browser

CVE-2016-20010

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile5.45th
PublishedMay 5, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.

Affected Platforms (CPE)

📦
Ewww

Image Optimizer

< 2.8.5

References & Advisories

🔗 https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt
🔗 https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/
🔗 https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt
🔗 https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/

Related Vulnerabilities

CVE-2019-149069.8

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affec...

CVE-2019-252179.8

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local Fil...

CVE-2021-242209.1

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by T...

CVE-2017-150797.5

The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.