Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]
CVE-2024-32106

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Compress
Vendor: CVE Published:; 11 April 2024

What is CVE-2024-32106?

This vulnerability allows attackers to exploit the WP Compress – Image Optimizer plugin through Cross-Site Request Forgery (CSRF). By leveraging this weakness, unauthorized commands can be executed on behalf of an authenticated user, potentially compromising the integrity of the website. It is crucial for users to be aware of this vulnerability and take necessary actions to secure their systems.

References

https://patchstack.com/database/vulnerability/wp-compress...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2024

WordPress

What is CVE-2024-32106?

References

CVSS V3.1

Timeline