cleantalk
Vulnerabilities and Security Researches

Image Optimizer, Resizer and CDN – Sirv, CVE-2024-8480

CVE, Research URL

CVE-2024-8480

Home page URL

Security reports for Image Optimizer, Resizer and CDN – Sirv

Application

Image Optimizer, Resizer and CDN – Sirv

Published on
Sep 06, 2024
Research Description
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 7.2.8.
Status
vulnerable
Previous vulnerability researches
Image Optimizer, Resizer and CDN – Sirv (CVE-2024-6392) , Jul 13, 2024
Image Optimizer, Resizer and CDN – Sirv (CVE-2024-8480) , Sep 08, 2024
Image Optimizer, Resizer and CDN – Sirv (CVE-2024-8964) , Oct 09, 2024
Image Optimizer, Resizer and CDN – Sirv (CVE-2025-46233) , Apr 23, 2025
Image Optimizer, Resizer and CDN – Sirv (CVE-2024-32959) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026