Vulnerabilities > Sirv
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-22 | CVE-2025-46233 | Cross-site Scripting vulnerability in Sirv Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. | 5.4 |
| 2024-11-20 | CVE-2024-10855 | Authorization Bypass Through User-Controlled Key vulnerability in Sirv The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. | 8.1 |
| 2024-09-06 | CVE-2024-8480 | Missing Authorization vulnerability in Sirv The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. | 8.8 |
| 2024-03-15 | CVE-2023-50898 | Unspecified vulnerability in Sirv Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. | 8.8 |
| 2023-01-02 | CVE-2022-4119 | Unspecified vulnerability in Sirv Image Optimizer, Resizer and CDN The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2019-09-13 | CVE-2016-10950 | SQL Injection vulnerability in Sirv The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | 8.8 |