CVE-2023-2117 Information

Description

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.

Reference

https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3