The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/browser/kraken-image-optimizer/tags/2.6.6/kraken.php#L705 | Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de | Third Party Advisory |
Configurations
History
07 Nov 2023, 04:01
Type | Values Removed | Values Added |
---|---|---|
CWE |
08 Feb 2023, 19:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Kraken kraken.io Image Optimizer
Kraken |
|
CPE | cpe:2.3:a:kraken:kraken.io_image_optimizer:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/browser/kraken-image-optimizer/tags/2.6.6/kraken.php#L705 - Third Party Advisory | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de - Third Party Advisory |
01 Feb 2023, 20:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-01 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0619
Mitre link : CVE-2023-0619
CVE.ORG link : CVE-2023-0619
JSON object : View
Products Affected
kraken
- kraken.io_image_optimizer
CWE
No CWE.