CVE-2024-8480

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 6, 2024
CWE ID 862

Summary

CVE-2024-8480 identifies a vulnerability in the Sirv plugin for WordPress, affecting all versions up to and including 7.2.7, which allows unauthorized data modification because of a missing capability check in the 'sirv_save_prevented_sizes' function. Authenticated attackers with Contributor-level access or higher can combine this flaw with the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, potentially leading to arbitrary file uploads on the server and remote code execution. The vulnerability carries an exploitability score of 2.8 and is characterized by low attack complexity, requiring only low privileges and no user interaction. Organizations running affected versions of the Sirv plugin should promptly update to a version that addresses this vulnerability in order to mitigate the potential integrity and confidentiality impacts. Failure to remediate could expose sensitive data and compromise system integrity on affected WordPress sites.
