Which Image Optimizer, Resizer and CDN – Sirv CVEs are tracked?

Image Optimizer, Resizer and CDN – Sirv tracked CVEs include CVE-2024-5853, CVE-2024-32959, CVE-2024-8480, CVE-2016-10950, and CVE-2024-10855.

How many Image Optimizer, Resizer and CDN – Sirv vulnerabilities have patch guidance?

12 of 12 tracked Image Optimizer, Resizer and CDN – Sirv records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 12 known issues Latest disclosed Apr 22, 2025

Image Optimizer, Resizer and CDN – Sirv Vulnerabilities

Review known vulnerability records for the WordPress plugin Image Optimizer, Resizer and CDN – Sirv (`sirv`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-46233, CVE-2024-10855 and CVE-2024-8964, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Apr 30, 2025

Priority CVE Quick Links

Fast paths into Image Optimizer, Resizer and CDN – Sirv CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-5853 Critical 7.2.7

CVE-2024-5853 Image Optimizer, Resizer and CDN – Sirv Remote Code Execution

Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

CVE-2024-32959 Critical 7.2.3

CVE-2024-32959 Image Optimizer, Resizer and CDN – Sirv Privilege Escalation

Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update

CVE-2024-8480 High 7.2.8

CVE-2024-8480 Image Optimizer, Resizer and CDN – Sirv Remote Code Execution

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload

CVE-2016-10950 High 1.3.2

CVE-2016-10950 Image Optimizer, Resizer and CDN – Sirv SQL Injection

Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection

CVE-2024-10855 High 7.3.1

CVE-2024-10855 Image Optimizer, Resizer and CDN – Sirv Authorization Bypass

Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion

CVE-2025-46233 Medium 7.5.4

CVE-2025-46233 Image Optimizer, Resizer and CDN – Sirv Stored Cross-Site Scripting

Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-8964 Medium 7.3.0

CVE-2024-8964 Image Optimizer, Resizer and CDN – Sirv File Upload

Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVE-2024-27949 Medium 7.2.1

CVE-2024-27949 Image Optimizer, Resizer and CDN – Sirv Server-Side Request Forgery

Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Image Optimizer, Resizer and CDN – Sirv so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

12 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

2 critical and 3 high severity findings.

Recent CVEs

CVE-2025-46233, CVE-2024-10855 and CVE-2024-8964

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-46233 Medium Patch path listed

CVE-2025-46233: Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.3 due to insufficient input sanitization and output escaping. This makes it p...

Published

Apr 22, 2025

Patch Status

7.5.4

Open CVE-2025-46233 Report

CVE-2024-10855 High Patch path listed

CVE-2024-10855: Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the...

Published

Nov 19, 2024

Patch Status

7.3.1

Open CVE-2024-10855 Report

CVE-2024-8964 Medium Patch path listed

CVE-2024-8964: Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insuffic...

Published

Oct 07, 2024

Patch Status

7.3.0

Open CVE-2024-8964 Report

Known Vulnerabilities

Reports for Image Optimizer, Resizer and CDN – Sirv

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-46233

CVE-2025-46233: Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject ar...

Published

Apr 22, 2025

Patched Release

7.5.4

Affected Versions

Versions up to 7.5.3

Next Step

Update to 7.5.4 or newer if supported.

Open CVE-2025-46233 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-10855

CVE-2024-10855: Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versio...

Published

Nov 19, 2024

Patched Release

7.3.1

Affected Versions

Versions up to 7.3.0

Next Step

Update to 7.3.1 or newer if supported.

Open CVE-2024-10855 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-8964

CVE-2024-8964: Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

Published

Oct 07, 2024

Patched Release

7.3.0

Affected Versions

Versions up to 7.2.9

Next Step

Update to 7.3.0 or newer if supported.

Open CVE-2024-8964 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-8480

CVE-2024-8480: Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated...

Published

Aug 21, 2024

Patched Release

7.2.8

Affected Versions

Versions up to 7.2.7

Next Step

Update to 7.2.8 or newer if supported.

Open CVE-2024-8480 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-6392

CVE-2024-6392: Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, wi...

Published

Jul 11, 2024

Patched Release

7.2.8

Affected Versions

Versions up to 7.2.7

Next Step

Update to 7.2.8 or newer if supported.

Open CVE-2024-6392 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-5853

CVE-2024-5853: Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attacke...

Published

Jun 18, 2024

Patched Release

7.2.7

Affected Versions

Versions up to 7.2.6

Next Step

Update to 7.2.7 or newer if supported.

Open CVE-2024-5853 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-32959

CVE-2024-32959: Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_dismiss_notice() function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attack...

Published

Apr 23, 2024

Patched Release

7.2.3

Affected Versions

Versions up to 7.2.2

Next Step

Update to 7.2.3 or newer if supported.

Open CVE-2024-32959 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-27949

CVE-2024-27949: Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...

Published

Mar 01, 2024

Patched Release

7.2.1

Affected Versions

Versions up to 7.2.0

Next Step

Update to 7.2.1 or newer if supported.

Open CVE-2024-27949 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-27950

CVE-2024-27950: Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Missing Authorization

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and a...

Published

Mar 01, 2024

Patched Release

7.2.1

Affected Versions

Versions up to 7.2.0

Next Step

Update to 7.2.1 or newer if supported.

Open CVE-2024-27950 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-50898

CVE-2023-50898: Sirv <= 7.1.2 - Missing Authorization via sirv_disconnect

The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_disconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level ac...

Published

Dec 26, 2023

Patched Release

7.1.3

Affected Versions

Versions up to 7.1.2

Next Step

Update to 7.1.3 or newer if supported.

Open CVE-2023-50898 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-4119

CVE-2022-4119: Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘SIRV_ACCOUNT_EMAIL’ parameter in versions up to, and including, 6.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administr...

Published

Dec 09, 2022

Patched Release

6.8.1

Affected Versions

Versions up to 6.8.0

Next Step

Update to 6.8.1 or newer if supported.

Open CVE-2022-4119 Report Open CVE Reference

Plugin High Patched: Yes CVE-2016-10950

CVE-2016-10950: Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection

The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.

Published

Nov 10, 2016

Patched Release

1.3.2

Affected Versions

Versions before 1.3.2

Next Step

Update to 1.3.2 or newer if supported.

Open CVE-2016-10950 Report Open CVE Reference