The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
The Optimole WordPress plugin versions up to 4.2.3 contain a reflected XSS vulnerability in URL path handling that allows unauthenticated attackers to inject malicious scripts. Attackers can exploit this by tricking users into clicking crafted links that execute arbitrary JavaScript in their browsers.
ثغرة XSS منعكسة في إضافة Optimole لـ WordPress تنتج عن عدم كفاية الهروب من المخرجات في دالة get_current_url() عند التعامل مع مسارات URL التي يوفرها المستخدم. يتم إدراج هذه المسارات في كود JavaScript عبر دالة str_replace() دون الهروب المناسب في سياق JavaScript في دالة replace_content().
The Optimole WordPress plugin versions up to 4.2.3 contain a reflected XSS vulnerability in URL path handling that allows unauthenticated attackers to inject malicious scripts. Attackers can exploit this by tricking users into clicking crafted links that execute arbitrary JavaScript in their browsers.
Update Optimole plugin to version 4.2.4 or later immediately. Review and audit all WordPress installations using this plugin. Implement Web Application Firewall (WAF) rules to detect and block XSS attempts. Educate users about phishing and suspicious link risks.
قم بتحديث إضافة Optimole إلى الإصدار 4.2.4 أو أحدث فوراً. راجع وتدقيق جميع تثبيتات WordPress التي تستخدم هذه الإضافة. طبق قواعد جدار حماية تطبيقات الويب لكشف ومنع محاولات XSS. وعي المستخدمين بمخاطر الرسائل الاحتيالية والروابط المريبة.