{"uuid": "383fc1de-86a0-4ca5-b4e4-67f6f8b9dfc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1221", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2117\n\ud83d\udd39 Description: The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.\n\ud83d\udccf Published: 2023-05-30T07:49:17.892Z\n\ud83d\udccf Modified: 2025-01-10T20:55:18.959Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3", "creation_timestamp": "2025-01-10T21:03:39.000000Z"}