vulnerability

WordPress Plugin: shortpixel-adaptive-images: CVE-2024-31230: Missing Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Apr 2, 2024	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Apr 2, 2024

Added

May 15, 2025

Modified

May 15, 2025

Description

The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality.

Solution

shortpixel-adaptive-images-plugin-cve-2024-31230

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-31230
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3110ae-5e82-4176-bf9d-6c56b13f9c27?source=api-prod
CVE-2024-31230
https://attackerkb.com/topics/CVE-2024-31230

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today