
4 matches found

Patchstack
added 2023/02/03 12:0 a.m., 7 views

WordPress Kraken.io Image Optimizer Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software: Kraken.io Image Optimizer
Type: Plugin
Vulnerable versions: = 2.6.8
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-0619
Patch priority: High
CVSS severity: High 6.5
PSID: b987322713b6
Credits: Marco Wotschka -...

CVSS 6.5, AI score 6.5, EPSS 0.00677
Exploits: 0, References: 3, Affected Software: 1
Circl
added 2023/02/01 10:14 p.m., 1 views

CVE-2023-0619

creationtimestamp | type | source
---|---|---
2023-02-01 22:14:22+00:00 | seen | https://t.me/cibsecurity/57347...

CVSS 6.5, AI score 7.1, EPSS 0.00677
Exploits: 0, References: 1
CVE
added 2023/02/01 7:3 p.m., 48 views

CVE-2023-0619

The CVE-2023-0619 entry concerns the Kraken.io Image Optimizer WordPress plugin. Affected versions up to and including 2.6.8 are vulnerable to an authorization bypass caused by a missing capability check on AJAX actions, allowing authenticated attackers with subscriber-level permissions and above...

CVSS 6.5, AI score 6.7, EPSS 0.00677
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2023/02/01 7:3 p.m., 9 views

CVE-2023-0619 Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

CVSS 6.5, AI score 6.8, EPSS 0.00677
Exploits: 0, References: 2