CVE-2024-1089
CVSS 3.1 Score 7.3 of 10 (high)
Details
Published Feb 29, 2024
Updated: Dec 27, 2024
CWE ID 94
Summary
CVE-2024-1089 is a vulnerability affecting the ImageRecycle plugin for WordPress. This issue stems from a missing capability check on the optimizeAllOn function, which exists in all versions up to 3.1.13. As a consequence, authenticated attackers with subscriber-level access and above can unauthorized modify image optimization settings, posing a potential security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share