CVE-2024-5853

Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress versions up to, and including, 7.2.6

Description: The issue is related to arbitrary file uploads due to missing file type validation in the sirv upload file by chanks AJAX action. This allows authenticated attackers with Contributor-level access and above to upload arbitrary files on the affected site's server, potentially making remote code execution possible.

Recommendations: For versions up to, and including, 7.2.6, update to a version higher than 7.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the sirv upload file by chanks AJAX action to minimize the risk of exploitation.