← Back to CVE List

CVE-2024-8480

Published: 2024-09-06T04:15Z
Last Modified: 2024-09-26T18:13Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt