VYPR
Unrated severityNVD Advisory· Published Sep 6, 2024· Updated Apr 8, 2026

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload

CVE-2024-8480

Description

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Sirv/Sirvllm-fuzzy
    Range: <=7.2.7
  • sirv/Image Optimizer, Resizer and CDN – Sirvv5
    Range: 0
  • WordPress/Sirvwp-canonicalize

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.