CVE-2024-13438

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsizeclearcsscacheaction' function. This makes it possible for unauthenticated...

CVE-2024-13438

CVE-2024-13438 affects the SpeedSize Image & Video AI-Optimizer WordPress plugin (affected versions: ≤1.5.1). The issue is Cross-Site Request Forgery on speedsize_clear_css_cache_action, allowing unauthenticated attackers to clear the plugin cache by tricking a site administrator into performing ...

CVE-2024-13438 SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsizeclearcsscacheaction' function. This makes it possible for unauthenticated...

CVE-2024-13438 SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsizeclearcsscacheaction' function. This makes it possible for unauthenticated...