Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.
7.1CVSS
6AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions.
7.1CVSS
6AI Score
0.001EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-lev...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-le...
4.3CVSS
4.6AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level ac...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level ...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level acc...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to en...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to d...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify ...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modif...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove a...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access a...
5CVSS
4.9AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for un...
4.7CVSS
4.5AI Score
0.0005EPSS