CVE-2024-8480
CVSS V2 None
CVSS V3 None
Description
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Overview
- CVE ID
- CVE-2024-8480
- Assigner
- Wordfence
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-06T03:30:40.246Z
- Last Modified Date
- 2024-09-06T03:30:40.246Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8480 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8480 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-09-06 13:03:06 | Added to TrackCVE |