Description
WordPress Plugin EWWW Image Optimizer is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin EWWW Image Optimizer version 5.8.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.8.2 or latest
References
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
https://plugins.svn.wordpress.org/ewww-image-optimizer/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5)
WordPress Plugin WP Symposium Cross-Site Scripting (15.8.1)
WordPress Plugin Mang Board WP Unspecified Vulnerability (2.0.3)
Drupal Core 8.9.0 Security Bypass (8.9.0 - 8.9.0)
WordPress Plugin Another WordPress Classifieds Cross-Site Scripting (3.3.1)