CVE-2024-8480

Description

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_save_prevented_sizes function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the sirv_upload_file_by_chunks_callback function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.