Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Kraken Subscribe
Filtered by product Kraken.io Image Optimizer
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0619 1 Kraken 1 Kraken.io Image Optimizer 2023-02-08 N/A 6.5 MEDIUM
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
CVE-2022-38454 1 Kraken 1 Kraken.io Image Optimizer 2022-09-26 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.