Filtered by vendor Kraken
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0619 | 1 Kraken | 1 Kraken.io Image Optimizer | 2023-02-08 | N/A | 6.5 MEDIUM |
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. | |||||
CVE-2022-38454 | 1 Kraken | 1 Kraken.io Image Optimizer | 2022-09-26 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. |