345 matches found

OSV
added 2024/05/05 9:30 p.m. · 20 views

GHSA-6PJM-HMVF-H4RR image-optimizer allows PHAR deserialization

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...

8.8 CVSS · 8.6 AI score · 0.0188 EPSS
Exploits 0 · References 6
Github Security Blog
added 2024/05/05 9:30 p.m. · 21 views

image-optimizer allows PHAR deserialization

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...

8.8 CVSS · 6.7 AI score · 0.0188 EPSS
Exploits 0 · References 6 · Affected Software 1
NVD
added 2024/05/05 9:15 p.m. · 16 views

CVE-2024-34515

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...

8.8 CVSS · 6.4 AI score · 0.0188 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/05 12:0 a.m. · 10 views

CVE-2024-34515

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...

6.7 AI score · 0.0188 EPSS
Exploits 0 · References 3
CVE
added 2024/05/05 12:0 a.m. · 63 views

CVE-2024-34515

CVE-2024-34515 affects the image-optimizer package prior to 1.7.3. The vulnerability stems from PHAR deserialization via the phar:// protocol in arguments to file_exists(), enabling deserialization of untrusted data and, per multiple sources, potential remote code execution. Affected versions are...

8.8 CVSS · 6.6 AI score · 0.0188 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/05 12:0 a.m. · 7 views

PT-2024-25943 · Unknown · Image Optimizer

Name of the Vulnerable Software and Affected Versions: image-optimizer versions prior to 1.7.3 Description: The issue allows PHAR deserialization, for example, using the phar:// protocol in arguments to the file exists function. Recommendations: For versions prior to 1.7.3, update to version 1.7....

8.8 CVSS · 7.3 AI score · 0.0188 EPSS
Exploits 0 · References 12
CNNVD
added 2024/05/05 12:0 a.m. · 4 views

image-optimizer security vulnerability

image-optimizer is an open source package from Spatie. It can run PNG, JPG, WEBP, AVIF, SVG and GIF through a range of various image optimization tools. A security vulnerability exists in versions of image-optimizer prior to 1.7.3 that stems from allowing PHAR deserialization...

8.8 CVSS · 8.3 AI score · 0.0188 EPSS
Exploits 0 · References 4
OpenVAS
added 2024/04/20 12:0 a.m. · 18 views

WordPress EWWW Image Optimizer Plugin < 7.3.0 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ewww:imageoptimizer"; if description...

4.3 CVSS · 5.8 AI score · 0.00253 EPSS
Exploits 0 · References 1
OSV
added 2024/04/11 1:15 p.m. · 3 views

CVE-2024-32106

Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer All-In-One. This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

8.8 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 1
NVD
added 2024/04/11 1:15 p.m. · 13 views

CVE-2024-32106

Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer All-In-One. This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

8.8 CVSS · 4.6 AI score · 0.00227 EPSS
Exploits 0 · References 1
Cvelist
added 2024/04/11 1:0 p.m. · 18 views

CVE-2024-32106 WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer All-In-One. This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

4.3 CVSS · 5 AI score · 0.00227 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/04/11 1:0 p.m. · 14 views

CVE-2024-32106 WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer All-In-One. This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

4.3 CVSS · 5.1 AI score · 0.00227 EPSS
Exploits 0 · References 1
CVE
added 2024/04/11 1:0 p.m. · 61 views

CVE-2024-32106

CVE-2024-32106 is a CSRF vulnerability in the WordPress plugin WP Compress – Image Optimizer (All-In-One). Connected documents confirm the issue affects versions up to 6.10.35. The available sources describe the vulnerability as CSRF with no publicly documented exploit details in the provided m...

8.8 CVSS · 5.1 AI score · 0.00227 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/04/11 12:0 a.m. · 13 views

WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.10.35 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Compress – Image Optimizer All-In-One; Type: Plugin; Vulnerable versions: <= 6.10.35; Fixed in: 6.11.01; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32106; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4ae0be74f8a...

4.3 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/11 12:0 a.m. · 4 views

PT-2024-24412 · WordPress · Wp Compress – Image Optimizer [All-In-One]

Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer All-In-One versions n/a through 6.10.35. Description: A Cross-Site Request Forgery (CSRF) issue affects the specified software. This type of issue allows an attacker to perform unintended actions on a web applicatio...

8.8 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 0 · References 6
NVD
added 2024/04/10 1:51 p.m. · 16 views

CVE-2024-31924

Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3...

4.3 CVSS · 4.6 AI score · 0.00253 EPSS
Exploits 0 · References 2
CVE
added 2024/04/10 1:2 p.m. · 49 views

CVE-2024-31924

CVE-2024-31924 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin EWWW Image Optimizer. Affected versions are 7.2.3 and earlier (listed as from n/a through 7.2.3). Public references indicate a remediation in version 7.3.0 (VendorFix), implying users should upgrade...

4.3 CVSS · 5.9 AI score · 0.00253 EPSS
Exploits 0 · References 2
Cvelist
added 2024/04/10 1:2 p.m. · 24 views

CVE-2024-31924 WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3...

4.3 CVSS · 4.9 AI score · 0.00253 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/04/10 1:2 p.m. · 14 views

CVE-2024-31924 WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3...

4.3 CVSS · 5.1 AI score · 0.00253 EPSS
Exploits 0 · References 1
Patchstack
added 2024/04/10 12:59 p.m. · 8 views

WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin EWWW Image Optimizer (versions <= 7.2.3)...

4.3 CVSS · 7 AI score · 0.00253 EPSS
Exploits 0 · Affected Software 1