WordPress Plugin Vulnerabilities

Image Optimizer, Resizer and CDN – Sirv < 7.2.1 - Missing Authorization

Description

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
sirv
Fixed in 7.2.1

References

CVE
CVE-2024-27950
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/46030da6-6d9f-4934-a93c-4cd564510f36

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
CatFather
Verified
No
WPVDB ID
2f35c3c3-d674-4921-84a4-8838be774c38

Timeline

Publicly Published
2024-03-01 (about 2 years ago)
Added
2024-03-04 (about 2 years ago)
Last Updated
2024-03-04 (about 2 years ago)

Other

Published
Title
Published
2026-01-27
Title
HAPPY < 1.0.9 - Missing Authorization
Published
2025-11-30
Title
SiteGround Security <= 1.5.8 - Missing Authorization
Published
2024-03-06
Title
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization to Unauthenticated Media Deletion
Published
2024-09-24
Title
Uncanny Groups for LearnDash < 6.1.1 - Authenticated (Group Leader+) Privilege Escalation
Published
2023-10-25
Title
Product Recommendation Quiz for eCommerce < 2.1.2 - Missing Authorization in prq_set_token