CVE-2023-22708 – WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-22708

17 Jan 2023 — Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7. TheKraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its kraken_media_library_reset_all AJAX action in versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level permi... • https://patchstack.com/database/wordpress/plugin/kraken-image-optimizer/vulnerability/wordpress-kraken-io-image-optimizer-plugin-2-6-7-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •