Vulnerability Description
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. Any handler registered on a `wp_ajax_{action}` hook is reachable through admin-ajax.php by every logged-in user regardless of role, so a `current_user_can()` check inside the handler is the only authorization control; when it is missing, the lowest role on the site can trigger the action.
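The pattern behind a missing capability check on a WordPress AJAX action, beside its corrected form, as an added illustration. This is not the plugin's own code, and the page does not name the affected AJAX action: the `kraken_demo_reset` action names, the `_kraken_demo_optimized` meta key and the `manage_options` requirement are assumptions chosen for the example.

```php
<?php
/**
 * Added example, not code from the Kraken.io plugin. Action names, the meta key
 * and the required capability are hypothetical.
 */

// --- Vulnerable pattern -------------------------------------------------------
// wp_ajax_{action} fires for ANY authenticated user (subscribers included), so the
// callback itself must decide who may run it. This one never asks.
add_action( 'wp_ajax_kraken_demo_reset', 'kraken_demo_reset_vulnerable' );

function kraken_demo_reset_vulnerable() {
    $image_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // No current_user_can() and no nonce check: a subscriber who POSTs
    // action=kraken_demo_reset&id=N to admin-ajax.php wipes the optimization record.
    delete_post_meta( $image_id, '_kraken_demo_optimized' );
    wp_send_json_success( array( 'id' => $image_id ) );
}

// --- Hardened pattern ---------------------------------------------------------
add_action( 'wp_ajax_kraken_demo_reset_secure', 'kraken_demo_reset_secure' );

function kraken_demo_reset_secure() {
    // CSRF: the request must carry a nonce minted for this action and this user.
    // check_ajax_referer() terminates the request (HTTP 403) when it does not.
    check_ajax_referer( 'kraken_demo_reset', 'nonce' );

    // Authorization: the control that actually closes the bypass. Subscribers do
    // not hold manage_options, so they stop here even with a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient permissions' ), 403 );
    }

    // Input validation: only act on a real attachment.
    $image_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( ! $image_id || 'attachment' !== get_post_type( $image_id ) ) {
        wp_send_json_error( array( 'message' => 'invalid attachment id' ), 400 );
    }

    delete_post_meta( $image_id, '_kraken_demo_optimized' );
    wp_send_json_success( array( 'id' => $image_id ) );
}

// Mint the nonce for the admin-side script that calls the endpoint. This hook runs
// on every admin screen, and subscribers do see admin screens (their profile page),
// which is exactly why the nonce alone is not an authorization control.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'kraken-demo', plugins_url( 'kraken-demo.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'kraken-demo', 'krakenDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'kraken_demo_reset' ),
    ) );
} );
```

To verify a fix of this kind, log in as a subscriber and POST `action=kraken_demo_reset_secure&id=N` to `/wp-admin/admin-ajax.php`, once with and once without a valid nonce; the hardened handler must answer 403 both times, while the vulnerable handler answers 200 and deletes the meta. Adding only `check_ajax_referer()` would not be sufficient: a subscriber can obtain a valid nonce from any admin page that mints it, so the `current_user_can()` check is what removes the subscriber-level reachability described above.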
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kraken | Kraken.Io Image Optimizer | <= 2.6.8 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/kraken-image-optimizer/tags/2.6.6/kra (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e3 (Third Party Advisory)
FAQ
What is CVE-2023-0619?
CVE-2023-0619 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
How severe is CVE-2023-0619?
CVE-2023-0619 has been rated MEDIUM with a CVSS base score of 6.5/10. In practical terms, exploitation requires an account on the site (subscriber level is enough) and lets that user reset image optimizations; the description above does not indicate any unauthenticated path.
Is there a patch for CVE-2023-0619?
The description lists versions up to and including 2.6.8 as affected. Update the plugin to a release outside that range and confirm the installed version against the Wordfence advisory linked in the references above, which also points at the plugin's source on plugins.trac.wordpress.org for the affected code. Affected products: Kraken Kraken.Io Image Optimizer.