|Category:||Web application abuses|
|Title:||WordPress Autoptimize Plugin <= 2.7.6 RCE Vulnerability|
|Summary:||The WordPress plugin Autoptimize is prone to a remote code execution (RCE) vulnerability.|
Insight: The vulnerability exists because the ao_ccss_import AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP.
Impact: Successful exploitation would allow an authenticated attacker to execute arbitrary commands on the target machine.
Affected: WordPress Autoptimize plugin through version 2.7.6.
Solution: Update to version 2.7.7.
Common Vulnerability Exposure (CVE) ID: CVE-2020-24948|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|