Lucene search
PRIOn knowledge basePRION:CVE-2024-1335HistoryFeb 29, 2024 - 1:43 a.m.
Cross site request forgery (csrf)
2024-02-2901:43:00
PRIOn knowledge base
www.prio-n.com
11
cross-site request forgery
imagerecycle
wordpress
vulnerability
missing nonce validation
disable optimization
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Related
wpvulndb
wpvulndb
cvelist
cvelist
CVE-2024-1335
2024-02-20 18:56:42
nvd
nvd
CVE-2024-1335
2024-02-29 01:43:47
cve
cve
CVE-2024-1335
2024-02-29 01:43:47
wordfence
wordfence