Unrated severityNVD Advisory· Published Oct 10, 2014· Updated May 6, 2026
CVE-2014-6243
CVE-2014-6243
Description
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.
Affected products
2cpe:2.3:a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.0.0:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.0.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:*:*:*:*:*:wordpress:*:*range: <=2.01
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- wordpress.org/plugins/ewww-image-optimizer/changelognvdPatch
- packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.htmlnvdExploit
- www.htbridge.com/advisory/HTB23234nvdExploit
- www.securityfocus.com/archive/1/533641/100/0/threadednvd
- www.securityfocus.com/bid/70190nvd
News mentions
0No linked articles in our index yet.