7 matches found
CVE-2023-22708
Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7...
CVE-2023-22708
CVE-2023-22708 affects the WordPress Kraken.io Image Optimizer plugin up to version 2.6.7. The vulnerability is a Broken Access Control due to missing authorization (invalid access control configuration). Impact is described as low with low exploitation likelihood; CVSS v3.1 base score 4.3. The i...
WordPress Kraken.io Image Optimizer Plugin <= 2.6.8 is vulnerable to Broken Access Control
Software Kraken.io Image Optimizer Type Plugin Vulnerable versions = 2.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0619 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b987322713b6 Credits Marco Wotschka -...
CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...
WordPress Plugin Kraken.io Image Optimizer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-38454
Cross-Site Request Forgery CSRF vulnerability in Kraken.io Image Optimizer plugin = 2.6.5 at WordPress...
PT-2022-24413 · Kraken.Io · Kraken.Io Image Optimizer
Name of the Vulnerable Software and Affected Versions: Kraken.io Image Optimizer plugin versions = 2.6.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...