The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
WordPress
Image Optimizer
NVD
WPScan
CVSS 3.1
2.7
EPSS
0.7%
Lima launches Linux virtual machines, typically on macOS, for running containerd. Rated low severity (CVSS 2.5), this vulnerability is no authentication required.
Path Traversal
Information Disclosure
Apple
Lima
NVD
GitHub
CVSS 3.1
2.5
EPSS
0.3%