CVE-2024-6392 Information

Jul 12, 2024 cve

Description

The Image Optimizer Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to and including 7.2.7. This makes it possible for authenticated attackers with Subscriber-level access and above to change the connected Sirv account to an attacker-controlled one.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/229490c3-d820-4831-b105-a429512c2c60?source=cve https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5197 https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5338

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: