WordPress Plugin Vulnerabilities

ShortPixel Adaptive Images < 3.8.3 - Missing Authorization in activate_ai_handler and deactivate_ai_handler

Description

The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality.

Affects Plugins

Plugin icon
shortpixel-adaptive-images
Fixed in 3.8.3

References

CVE
CVE-2024-31230
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3110ae-5e82-4176-bf9d-6c56b13f9c27

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
e756241b-2d42-46b8-8c9c-1b13dac58fc3

Timeline

Publicly Published
2024-04-02 (about 2 years ago)
Added
2024-04-06 (about 2 years ago)
Last Updated
2024-04-06 (about 2 years ago)

Other

Published
Title
Published
2026-04-09
Title
UsersWP < 1.2.59 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter
Published
2025-04-17
Title
Vitepos < 3.1.8 - Missing Authorization
Published
2024-04-22
Title
Vision Interactive < 1.7.2 - Missing Authorization
Published
2026-02-18
Title
Spa and Salon < 1.3.3 - Missing Authorization
Published
2022-10-30
Title
Attorney <= 3 - Unauthenticated Arbitrary Page/Post Deletion