Lucene search

K

Pdf-image Security Vulnerabilities

cve
cve

CVE-2024-1336

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
45
cve
cve

CVE-2024-1339

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove.....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
50
cve
cve

CVE-2024-1338

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
45
cve
cve

CVE-2024-1335

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to.....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
42
cve
cve

CVE-2024-1334

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
40
cve
cve

CVE-2024-1091

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
45
cve
cve

CVE-2024-1090

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
46
cve
cve

CVE-2024-1089

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
43
cve
cve

CVE-2024-0984

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS

4.6AI Score

0.0004EPSS

2024-02-29 01:43 AM
46
cve
cve

CVE-2024-0983

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-29 01:43 AM
41
cve
cve

CVE-2023-40196

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11...

7.1CVSS

6AI Score

0.0005EPSS

2023-09-04 12:15 PM
18
cve
cve

CVE-2023-30494

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10...

7.1CVSS

6AI Score

0.0005EPSS

2023-09-04 11:15 AM
12
cve
cve

CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d...

5.4CVSS

5.2AI Score

0.001EPSS

2022-03-21 07:15 PM
66
cve
cve

CVE-2020-8132

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user...

9.8CVSS

9.5AI Score

0.006EPSS

2020-02-28 08:15 PM
95
cve
cve

CVE-2018-3757

Command injection exists in pdf-image v2.0.0 due to an unescaped string...

9.8CVSS

9.5AI Score

0.005EPSS

2018-06-01 07:29 PM
31