The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Related CVEs

CVE-2024-1336

Key Information

GHSA ID

GHSA-wxgw-5pp3-7r6x

Published

February 29, 2024 3:33 AM

Last Modified

February 29, 2024 3:33 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.