CVE-2024-5853

Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

Severity Score

9.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

El complemento Image Optimizer, Resizer y CDN – Sirv para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validación del tipo de archivo en la acción AJAX sirv_upload_file_by_chanks en todas las versiones hasta la 7.2.6 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código.

*Credits: Lucio Sá

CVSS Scores

Wordfencev3.1 9.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-11 CVE Reserved
2024-06-18 CVE Published
2024-06-19 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

References (2)

URL	Tag	Source
https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sirv Search vendor "Sirv"		Image Optimizer, Resizer And CDN – Sirv Search vendor "Sirv" for product "Image Optimizer, Resizer And CDN – Sirv"				<= 7.2.6 Search vendor "Sirv" for product "Image Optimizer, Resizer And CDN – Sirv" and version " <= 7.2.6"		en		Affected