CVE-2024-32959 – WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-32959
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation. This issue affects Sirv: from n/a through 7.2.2.
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_dismiss_notice() function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which could lead to privilege escalation.
• https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
• CWE-269: Improper Privilege Management
• CWE-862: Missing Authorization
CVE-2024-27950 – WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2024-27950
Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
• https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-27949 – WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2024-27949
Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
• https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-50898 – WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50898
Missing Authorization vulnerability in sirv.Com Sirv. This issue affects Sirv: from n/a through 7.1.2.
The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_disconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to disconnect the site's Sirv account.
• https://patchstack.com/database/vulnerability/sirv/wordpress-image-optimizer-resizer-and-cdn-sirv-plugin-7-1-2-broken-access-control-csrf-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2016-10950 – Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10950
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
• http://lenonleite.com.br/en/2016/11/10/sirv-1-3-1-plugin-for-wordpress
• https://wordpress.org/plugins/sirv/#developers
• https://wpvulndb.com/vulnerabilities/8673
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')