Lws Optimize All In One Speed Booster Cache Tools
Monthly
Arbitrary file read in the LWS Optimize WordPress plugin (versions up to and including 3.3.19) permits authenticated users with Editor-level access or above to retrieve any file readable by the web-server process, including sensitive files such as wp-config.php. The vulnerable `combine_current_css()` function blindly trusts stylesheet href values harvested from page HTML, resolves them to absolute filesystem paths, and passes them to `file_get_contents()` without enforcing a safe-directory boundary or a `.css` extension check - a classic CWE-22 path traversal pattern. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the attack path is straightforward given the source code is publicly accessible in the WordPress plugin repository.
Arbitrary file read in the LWS Optimize WordPress plugin (versions up to and including 3.3.19) permits authenticated users with Editor-level access or above to retrieve any file readable by the web-server process, including sensitive files such as wp-config.php. The vulnerable `combine_current_css()` function blindly trusts stylesheet href values harvested from page HTML, resolves them to absolute filesystem paths, and passes them to `file_get_contents()` without enforcing a safe-directory boundary or a `.css` extension check - a classic CWE-22 path traversal pattern. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the attack path is straightforward given the source code is publicly accessible in the WordPress plugin repository.