cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10855,https://securityvulnerability.io/vulnerability/CVE-2024-10855,"Unauthenticated attackers can delete arbitrary option values on WordPress site, leading to denial of service","The Sirv plugin for WordPress, specifically versions up to and including 7.3.0, contains a vulnerability that allows authenticated users with Contributor-level access and above to modify data inappropriately. This occurs due to insufficient validation on the filename parameter in the sirv_upload_file_by_chunks() function. The flaw enables attackers to delete arbitrary option values within the WordPress site. Such unauthorized modifications can lead to the deletion of options that might cause errors on the site, effectively resulting in denial of service for legitimate users and impacting the overall functionality of the website.",Wordpress,"Image Optimizer, Resizer And Cdn – Sirv",8.1,HIGH,0.0005099999834783375,false,,false,false,false,,false,false,2024-11-20T06:42:56.633Z,0
CVE-2024-8964,https://securityvulnerability.io/vulnerability/CVE-2024-8964,Stored Cross-Site Scripting (XSS) Vulnerability in The Image Optimizer Resizer and CDN – Sirv plugin for WordPress,"The Sirv plugin for WordPress is susceptible to a Stored Cross-Site Scripting attack through SVG file uploads. This vulnerability stems from inadequate input sanitization and output escaping protocols implemented in the plugin, exposing websites to potential exploitation. Authenticated users with Author-level access or higher can inject malicious web scripts that execute whenever a user accesses the compromised SVG file. Thus, it's crucial for website administrators to ensure their Sirv plugin is updated to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,"Image Optimizer, Resizer And Cdn – Sirv",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-08T07:32:27.666Z,0
CVE-2024-8480,https://securityvulnerability.io/vulnerability/CVE-2024-8480,Authenticated Attackers Can Exploit Plugin Vulnerability to Execute Remote Code,"The Sirv plugin for WordPress is susceptible to a vulnerability that permits unauthorized modification of data. This occurs due to a missing capability check in the 'sirv_save_prevented_sizes' function, making all versions up to and including 7.2.7 affected. Authenticated users with Contributor-level permissions and higher can exploit the flaw in the 'sirv_upload_file_by_chunks_callback' function. This function fails to perform adequate file type validation, enabling attackers to upload arbitrary files onto the server of the affected site, thereby potentially leading to remote code execution.",Wordpress,"Image Optimizer, Resizer And Cdn – Sirv",8.8,HIGH,0.0006699999794363976,false,,false,false,false,,false,false,2024-09-06T03:30:40.246Z,0
CVE-2024-6392,https://securityvulnerability.io/vulnerability/CVE-2024-6392,Unauthorized Plugin Settings Modification Vulnerability in Sirv for WordPress,"The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.",Wordpress,"Image Optimizer, Resizer And Cdn – Sirv",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-11T22:15:00.000Z,0
CVE-2024-5853,https://securityvulnerability.io/vulnerability/CVE-2024-5853,Arbitrary File Uploads Vulnerability in Sirv Plugin for WordPress,"The Sirv plugin for WordPress, specifically its Image Optimizer, Resizer, and CDN features, is vulnerable to issues stemming from insufficient file type validation in the sirv_upload_file_by_chanks AJAX action. This vulnerability impacts all versions up to and including 7.2.6, allowing authenticated users with Contributor-level access or higher to upload arbitrary files onto the impacted site's server. Such a flaw may pave the way for remote code execution, posing serious security risks to the integrity and functionality of the affected WordPress sites.",Wordpress,"Image Optimizer, Resizer And Cdn – Sirv",9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T05:37:44.888Z,0