CVE-2023-6699 in WP Compress Plugininfo

Summary

by MITRE • 01/11/2024

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/11/2026

The WP Compress - Image Optimizer plugin for WordPress presents a critical directory traversal vulnerability that affects all versions up to and including 6.10.33. This vulnerability resides in the css parameter handling mechanism, allowing unauthenticated attackers to exploit the flaw without requiring any prior authentication or authorization. The vulnerability stems from insufficient input validation and sanitization within the plugin's file handling routines, creating a pathway for malicious actors to access arbitrary files on the affected server. The issue manifests when the plugin processes the css parameter without proper restrictions on file path traversal sequences, enabling attackers to navigate beyond the intended directory boundaries and retrieve sensitive data from the file system.

The technical exploitation of this vulnerability follows a directory traversal pattern that aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory. Attackers can construct malicious requests containing directory traversal sequences such as ../ or ..\ to access files outside the plugin's intended scope. This flaw enables the retrieval of configuration files, database credentials, user information, and other sensitive data that may be stored within the WordPress installation directory structure. The vulnerability's impact extends beyond simple file reading, as it can potentially expose the entire WordPress file system including core files, plugin files, and theme files that may contain hardcoded credentials or sensitive configuration data.

The operational impact of this vulnerability is severe and multifaceted, as it provides attackers with unrestricted access to sensitive server information that can be leveraged for further exploitation. Unauthenticated access means that any attacker with knowledge of the vulnerable plugin can immediately exploit this flaw without requiring credentials, making it particularly dangerous in environments where WordPress installations are publicly accessible. The exposure of sensitive files can lead to complete system compromise, as database credentials, API keys, and other confidential information can be extracted and used to gain deeper access to the affected systems. Additionally, the vulnerability can be exploited to read WordPress core files, plugin files, and theme files, potentially revealing implementation details that could be used for more sophisticated attacks.

Mitigation strategies for this vulnerability should prioritize immediate patching of the affected plugin to version 6.10.34 or later, which contains the necessary security fixes. System administrators should implement network-level protections such as web application firewalls that can detect and block directory traversal attempts in the css parameter. Input validation should be strengthened at the application level to prevent malicious path traversal sequences from being processed. Regular security audits of WordPress installations should include checks for vulnerable plugins and ensure all components are updated to their latest secure versions. The vulnerability also highlights the importance of implementing principle of least privilege access controls and regular file system permissions reviews to limit the potential damage from such exploits. Organizations should monitor for exploitation attempts through log analysis and implement proper intrusion detection systems that can identify directory traversal patterns and alert security teams to potential attacks.

Responsible

Wordfence

Reservation

12/11/2023

Disclosure

01/11/2024

Moderation

accepted

CPE

ready

EPSS

0.00870

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!