cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6631,https://securityvulnerability.io/vulnerability/CVE-2024-6631,Unauthorized Data Modification Vulnerability in ImageRecycle Plugin,"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings.",Wordpress,Imagerecycle PDF & Image Compression,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-24T02:32:20.287Z,0
CVE-2024-8120,https://securityvulnerability.io/vulnerability/CVE-2024-8120,ImageRecycle Plugin Vulnerable to Cross-Site Request Forgery,"The ImageRecycle pdf & image compression plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on critical functions within the plugin. This flaw enables attackers to trick site administrators into executing unauthorized actions, such as modifying plugin settings, through maliciously crafted requests. Site administrators should ensure they are using updated versions to mitigate potential security threats.",Wordpress,Imagerecycle PDF & Image Compression,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-24T02:32:19.125Z,0
CVE-2024-1090,https://securityvulnerability.io/vulnerability/CVE-2024-1090,Unauthorized Modification of Data in ImageRecycle Plugin,"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1091,https://securityvulnerability.io/vulnerability/CVE-2024-1091,Data Modification Vulnerability in ImageRecycle PDF & Image Compression Plugin,"The ImageRecycle PDF & Image Compression plugin for WordPress is susceptible to unauthorized data manipulation due to an inadequate capability check in the reinitialize function. This flaw impacts all versions up to and including 3.1.13, allowing authenticated users with subscriber-level access and higher to delete all data associated with the plugin. This vulnerability poses a significant risk to the integrity of image and PDF compression functionalities, potentially leading to severe data loss and disruption of service.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1334,https://securityvulnerability.io/vulnerability/CVE-2024-1334,Cross-Site Request Forgery Vulnerability in ImageRecycle Plugin for WordPress,"The ImageRecycle PDF & Image Compression plugin for WordPress is susceptible to Cross-Site Request Forgery due to improperly implemented nonce validation in the enableOptimization function. This flaw allows unauthenticated attackers to potentially enable image optimization features by tricking an administrator into clicking a specially crafted link, thereby executing unauthorized actions on the site.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1336,https://securityvulnerability.io/vulnerability/CVE-2024-1336,ImageRecycle Plugin Vulnerable to Cross-Site Request Forgery,"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0983,https://securityvulnerability.io/vulnerability/CVE-2024-0983,Unauthorized Data Modification in ImageRecycle Plugin for WordPress,"The ImageRecycle pdf & image compression plugin for WordPress contains a security flaw that allows authenticated users, including those with subscriber-level access, to manipulate data due to a missing capability check in the enableOptimization function. This vulnerability affects all versions up to and including 3.1.13, leading to potential unauthorized image optimization changes.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1089,https://securityvulnerability.io/vulnerability/CVE-2024-1089,Unauthorized Modification of Data Vulnerability in ImageRecycle's WordPress Plugin,"The ImageRecycle PDF & Image Compression Plugin for WordPress contains a vulnerability that allows authenticated users, specifically those with subscriber-level access or higher, to modify image optimization settings due to a lack of adequate capability checks on the optimizeAllOn function. This weakness can lead to unauthorized changes in data, thereby compromising the intended functionality of the plugin and potentially affecting website performance and security.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1335,https://securityvulnerability.io/vulnerability/CVE-2024-1335,ImageRecycle Plugin Vulnerable to Cross-Site Request Forgery,"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1338,https://securityvulnerability.io/vulnerability/CVE-2024-1338,ImageRecycle Plugin Vulnerable to Cross-Site Request Forgery,"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1339,https://securityvulnerability.io/vulnerability/CVE-2024-1339,Cross-Site Request Forgery Vulnerability in ImageRecycle Plugin for WordPress,"The ImageRecycle pdf & image compression plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability due to the lack of proper nonce validation in the reinitialize function. This flaw affects all versions up to and including 3.1.13, allowing attackers to exploit it by tricking a site administrator into performing unwanted actions. If successful, unauthorized users could remove all plugin data through crafted requests, making it imperative for site administrators to apply the latest security patches and validate user actions.",Wordpress,ImageRecycle pdf & image compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0984,https://securityvulnerability.io/vulnerability/CVE-2024-0984,Unauthorized Modification of Data Vulnerability in ImageRecycle Plugin,"The ImageRecycle pdf & image compression plugin for WordPress contains a vulnerability that allows for unauthorized modification of data. This issue arises from a missing capability check in the disableOptimization function, exposing authenticated users with subscriber-level access and above to disable crucial image optimization settings. The flaw affects all versions of the plugin up to and including 3.1.13, potentially leading to unintended alterations in website image optimization configurations, which could impact site performance and user experience.",Wordpress,Imagerecycle PDF & Image Compression,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0