339 matches found

OSV
added 2023/02/01 8:15 p.m. | 3 views

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

6.5 CVSS | 6.9 AI score | 0.00677 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2023/02/01 8:15 p.m. | 2 views

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

6.5 CVSS | 6.8 AI score | 0.00677 EPSS
Exploits: 0 | References: 3

Prion
added 2023/02/01 8:15 p.m. | 20 views

Authorization

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

4 CVSS | 6.2 AI score | 0.00677 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/02/01 7:3 p.m. | 48 views

CVE-2023-0619

The CVE-2023-0619 entry concerns the Kraken.io Image Optimizer WordPress plugin. Affected versions up to and including 2.6.8 are vulnerable to an authorization bypass caused by a missing capability check on AJAX actions, allowing authenticated attackers with subscriber-level permissions and above...

6.5 CVSS | 6.7 AI score | 0.00677 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/02/01 12:0 a.m. | 4 views

WordPress Plugin Kraken.io Image Optimizer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.5 CVSS | 7.1 AI score | 0.00677 EPSS
Exploits: 0 | References: 3

Patchstack
added 2023/01/17 12:0 a.m. | 12 views

WordPress Kraken.io Image Optimizer Plugin <= 2.6.7 is vulnerable to Broken Access Control

Software: Kraken.io Image Optimizer | Type: Plugin | Vulnerable versions: <= 2.6.7 | Fixed in: 2.6.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-22708 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 9c68812a5173 | Credits: István Márton...

6.5 AI score | 0.00615 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/01/02 10:15 p.m. | 3 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

4.8 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 2 | References: 1

NVD
added 2023/01/02 10:15 p.m. | 26 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

4.8 CVSS | 4.7 AI score | 0.0047 EPSS
Exploits: 2 | References: 1

Vulnrichment
added 2023/01/02 9:49 p.m. | 11 views

CVE-2022-4119 Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

5.6 AI score | 0.0047 EPSS
Exploits: 2 | References: 1

Cvelist
added 2023/01/02 9:49 p.m. | 32 views

CVE-2022-4119 Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

5 AI score | 0.0047 EPSS
Exploits: 2 | References: 1

CVE
added 2023/01/02 9:49 p.m. | 57 views

CVE-2022-4119

The CVE-2022-4119 entry concerns the WordPress plugin Image Optimizer, Resizer and CDN, prior to version 6.8.1. The vulnerability arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored XSS by high-privilege users (such as admins) even when unfiltered_h...

4.8 CVSS | 4.7 AI score | 0.0047 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2023/01/02 12:0 a.m. | 4 views

WordPress plugin Image Optimizer, Resizer and CDN Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8 CVSS | 4.9 AI score | 0.0047 EPSS
Exploits: 2 | References: 2

Positive Technologies
added 2023/01/02 12:0 a.m. | 3 views

PT-2023-13963 · WordPress · The Image Optimizer

Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN WordPress plugin versions prior to 6.8.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is...

4.8 CVSS | 4.6 AI score | 0.0047 EPSS
Exploits: 2 | References: 6

WPVulnDB
added 2022/12/09 12:0 a.m. | 16 views

Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC Step 1: Install the plugin and register for a...

4.8 CVSS | 4.7 AI score | 0.0047 EPSS
Exploits: 2 | Affected Software: 1

CNVD
added 2022/11/17 12:0 a.m. | 6 views

WordPress reSmush.it Image Optimizer License Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

4.3 CVSS | 6.6 AI score | 0.00486 EPSS
Exploits: 2 | References: 1

OSV
added 2022/11/14 3:15 p.m. | 2 views

CVE-2022-2450

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in user, such as a subscriber, to call them...

4.3 CVSS | 5.8 AI score | 0.00486 EPSS
Exploits: 2 | References: 1

NVD
added 2022/11/14 3:15 p.m. | 13 views

CVE-2022-2450

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in user, such as a subscriber, to call them...

4.3 CVSS | 0.00486 EPSS
Exploits: 2 | References: 1

Prion
added 2022/11/14 3:15 p.m. | 14 views

Design/Logic Flaw

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in user, such as a subscriber, to call them...

4 CVSS | 4.7 AI score | 0.00486 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/11/14 12:0 a.m. | 5 views

CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users into performing various actions on their behalf on the site...

7.1 AI score | 0.00326 EPSS
Exploits: 2 | References: 1

Vulnrichment
added 2022/11/14 12:0 a.m. | 6 views

CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in user, such as a subscriber, to call them...

7 AI score | 0.00486 EPSS
Exploits: 2 | References: 1