CVE-2024-8480: 
WordPress vulnerability analysis and mitigation

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress contains a critical security vulnerability (CVE-2024-8480) discovered in versions up to and including 7.2.7. The vulnerability stems from a missing capability check on the 'sirvsaveprevented_sizes' function, which affects the plugin's security architecture (NVD).

The vulnerability is characterized by a missing authorization mechanism in the 'sirvsavepreventedsizes' function, coupled with improper file type validation in the 'sirvuploadfilebychunkscallback' function. The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating its severe nature. The weakness is classified as CWE-862 (Missing Authorization) (NVD, Wordfence).

The vulnerability allows authenticated attackers with Contributor-level access or higher to upload arbitrary files to the affected site's server. This capability could potentially lead to remote code execution, giving attackers significant control over the compromised WordPress installation (NVD).

A patch has been released to address this vulnerability. Site administrators are strongly advised to update their Sirv plugin to version 7.2.8 or later (WordPress Plugin).