CVE-2024-1338
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-1338 is a cross-site request forgery (CSRF) vulnerability affecting the ImageRecycle plugin for WordPress. The issue, present in all versions up to 3.1.13, arises from inadequate nonce validation on the "stopOptimizeAll" function. As a consequence, unauthenticated attackers can manipulate image optimization settings by forging a request and persuading a site administrator to perform the action that submits it. This CSRF flaw poses a significant security risk, so site owners should update promptly to the latest, patched version of the ImageRecycle plugin to mitigate the threat.
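The class of fix described above, as an added example that is not ImageRecycle's code: a WordPress AJAX handler that changes state without nonce validation, beside a hardened form that checks a nonce and the caller's capability. The action name, nonce name, option key and admin.js script are hypothetical.

```php
<?php
/**
 * Plugin Name: Example nonce check (illustrative, not ImageRecycle code)
 */

// Hypothetical names: the AJAX action, nonce action and option key below
// are assumptions made for this example only.
const EXAMPLE_ACTION = 'example_stop_optimize_all';
const EXAMPLE_NONCE  = 'example_stop_optimize_all_nonce';

// BEFORE: state-changing handler with no nonce validation. Any request the
// administrator's browser sends with a valid session cookie is accepted,
// including one triggered from a third-party page. Shown for contrast and
// deliberately not registered on any hook.
function example_stop_optimize_all_unsafe() {
    update_option( 'example_optimize_all_running', 0 );
    wp_send_json_success();
}

// AFTER: verify a per-user, per-action nonce and the caller's capability
// before changing any state.
function example_stop_optimize_all_safe() {
    // Third argument false: return the result instead of calling die(),
    // so the handler can answer with an explicit 403.
    if ( ! check_ajax_referer( EXAMPLE_NONCE, '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    update_option( 'example_optimize_all_running', 0 );
    wp_send_json_success();
}
// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_stop_optimize_all_safe' );

// Hand the nonce to the admin page's script (hypothetical admin.js), which
// must send it back as the _wpnonce field of its POST to admin-ajax.php.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'    => admin_url( 'admin-ajax.php' ),
        'action' => EXAMPLE_ACTION,
        'nonce'  => wp_create_nonce( EXAMPLE_NONCE ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

The capability check is separate from the nonce check: the nonce ties the request to a page the user actually loaded, while current_user_can() decides whether that user may change the setting at all.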