cleantalk
Vulnerabilities and Security Researches

EWWW Image Optimizer, CVE-2014-6243

CVE, Research URL

CVE-2014-6243

Home page URL

Security reports for EWWW Image Optimizer

Application

EWWW Image Optimizer

Published on
Oct 10, 2014
Research Description
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.
Affected versions
Min -, max 5.9.
Status
vulnerable
Previous vulnerability researches
EWWW Image Optimizer (CVE-2023-40600) , Jun 07, 2024
EWWW Image Optimizer (CVE-2016-20010) , Jun 07, 2024
EWWW Image Optimizer (CVE-2014-6243) , Jun 07, 2024
EWWW Image Optimizer (CVE-2021-4342) , Jun 07, 2024
EWWW Image Optimizer (CVE-2020-36750) , Jun 07, 2024
New vulnerability
WS Form LITE – Drag & Drop Contact Form Builder for WordPress (CVE-2025-3912) , Apr 28, 2025
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2025-3743) , Apr 28, 2025
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes (CVE-2025-3280) , Apr 28, 2025
FuseDesk (CVE-2025-3832) , Apr 27, 2025
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025