CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-20010

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile5.45th
Published2021年5月5日
Last Modified2024年11月21日

Vulnerability Description

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.

Affected Platforms (CPE)

📦
Ewww

Image Optimizer

< 2.8.5

References & Advisories

🔗 https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt
🔗 https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/
🔗 https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt
🔗 https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/

相关漏洞威胁

CVE-2019-149069.8

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affec...

CVE-2019-252179.8

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local Fil...

CVE-2021-242209.1

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by T...

CVE-2017-150797.5

The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.