VYPR
Critical severity9.9NVD Advisory· Published Jun 19, 2024· Updated Apr 8, 2026

CVE-2024-5853

CVE-2024-5853

Description

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Sirv/Sirv2 versions
    cpe:2.3:a:sirv:sirv:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:sirv:sirv:*:*:*:*:*:wordpress:*:*range: <7.2.7
    • (no CPE)range: <=7.2.6
  • WordPress/Sirvwp-canonicalize

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.