CVE-2024-6392

MEDIUM 5.4

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

CWE	CWE-862
Vendor	sirv
Product	image optimizer, resizer and cdn – sirv
Published	Jul 11, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for sirv image optimizer, resizer and cdn – sirv

Be the first to know when new medium vulnerabilities affecting sirv image optimizer, resizer and cdn – sirv are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

sirv / Image Optimizer, Resizer and CDN – Sirv

0 ≤ 7.2.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/229490c3-d820-4831-b105-a429512c2c60?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5197 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5338

Credits

Rafshanzani Suhada