VYPR
Get started
← All vendors
Vendor

Sirv

Sign in to watch
Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2024-5853Cri0.659.90.10Jun 19, 2024The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-32959Hig0.578.80.01May 17, 2024Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
CVE-2025-46233Med0.426.50.00Apr 22, 2025Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv sirv allows Stored XSS.This issue affects Sirv: from n/a through <= 7.5.3.
CVE-2024-6392Med0.355.40.00Jul 11, 2024The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.
CVE-2023-50898Med0.355.40.00Mar 15, 2024Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2.
CVE-2024-27950Med0.355.40.00Mar 1, 2024Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.
CVE-2024-27949Med0.355.40.00Mar 1, 2024Server-Side Request Forgery (SSRF) vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.