CVE-2023-0619 Information

Description

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to and including 2.6.8. This makes it possible for authenticated attackers with subscriber-level permissions and above to reset image optimizations.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de https://plugins.trac.wordpress.org/browser/kraken-image-optimizer/tags/2.6.6/kraken.php#L705