CVSS 3.1 Score 4.3 of 10 (medium)


Published Feb 29, 2024


CVE-2024-1336 is a vulnerability found in the ImageRecycle pdf & image compression plugin for WordPress. This vulnerability affects all versions up to and including 3.1.13. It is classified as a Cross-Site Request Forgery (CSRF) vulnerability, resulting from missing or incorrect nonce validation on the optimizeAllOn function. As a consequence, unauthenticated attackers can exploit this vulnerability to modify image optimization settings by tricking a site administrator into performing an action, such as clicking on a link. The severity of this vulnerability is rated as MEDIUM, with a base score of 4.3 out of 10. It requires user interaction and has a low integrity impact and no confidentiality impact. The exploitability score is 2.8 out of 10, indicating that it is moderately easy to exploit. Organizations using the affected versions are advised to update to the latest version or apply any patches or fixes provided by the plugin developer to remediate this vulnerability and prevent potential unauthorized modification of image optimization settings.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1336 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options