CVE-2024-8120
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-8120 is a vulnerability in the ImageRecycle PDF and image compression plugin for WordPress, affecting all versions up to 3.1.14. The flaw arises from inadequate nonce validation in specific functions, which allows unauthenticated attackers to carry out Cross-Site Request Forgery (CSRF) by tricking site administrators into executing malicious actions. Affected products include a variety of plugins denoted by product codes such as x-PQKR and x-PImH. To remediate this issue, users should update the plugin to version 3.1.15 or later, where the vulnerability has been addressed. If left unremediated, the vulnerability poses a medium threat level to organizations, potentially allowing unauthorized changes to plugin settings without requiring credentials from the admin user.