CVE-2024-1339

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-1339 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the ImageRecycle pdf & image compression plugin for WordPress. This issue exists in versions up to and including 3.1.13 due to missing or incorrect nonce validation on the reinitialize function. Unauthenticated attackers can exploit this flaw by tricking a site administrator into performing an action, such as clicking on a malicious link. Successful exploitation allows the attacker to delete all plugin data, posing a significant security risk to WordPress websites using the vulnerable plugin version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ucHFMo
https://www.cve.org/CVERecord?id=CVE-2024-1339
https://nvd.nist.gov/vuln/detail/CVE-2024-1339

Back to Vulnerability Database

CVE-2024-1339

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations