The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...
9.9CVSS
9.7AI Score
0.001EPSS
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through...
8.8CVSS
6.8AI Score
0.0004EPSS
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite....
4.8CVSS
4.7AI Score
0.001EPSS
8.8CVSS
9.1AI Score
0.002EPSS