CVE-2024-8964 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-8964
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. • https://plugins.trac.wordpress.org/changeset/3162079 https://wordpress.org/plugins/sirv/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/39b2435f-32a3-4158-a734-c21a0cab15be?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8480 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8480
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331 https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647 https://plugins.trac.wordpress.org/changeset/3115018 https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve • CWE-862: Missing Authorization •
CVE-2024-6392 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update
https://notcve.org/view.php?id=CVE-2024-6392
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one. El complemento Image Optimizer, Resizer y CDN – Sirv para WordPress es vulnerable a modificaciones no autorizadas de la configuración del complemento debido a la falta de comprobaciones de capacidad en las funciones del complemento en todas las versiones hasta la 7.2.7 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien la cuenta Sirv conectada a una controlada por el atacante. • https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5197 https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5338 https://www.wordfence.com/threat-intel/vulnerabilities/id/229490c3-d820-4831-b105-a429512c2c60?source=cve • CWE-862: Missing Authorization •
CVE-2024-5853 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5853
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento Image Optimizer, Resizer y CDN – Sirv para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validación del tipo de archivo en la acción AJAX sirv_upload_file_by_chanks en todas las versiones hasta la 7.2.6 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código. • https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php https://www.wordfence.com/threat-intel/vulnerabilities/id/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-32959 – WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-32959
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2. La vulnerabilidad de gestión de privilegios incorrecta en Sirv permite la escalada de privilegios. Este problema afecta a Sirv: desde n/a hasta 7.2.2. The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_dismiss_notice() function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which could lead to privilege escalation. • https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •