Unrated severityNVD Advisory· Published Apr 11, 2022· Updated Aug 2, 2024
Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting
CVE-2022-0969
Description
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Image optimization & Lazy Load by Optimoledescription
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2695242mitrex_refsource_CONFIRM
- wpscan.com/vulnerability/59a7a441-7384-4006-89b4-15345f70fabfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.