Browse all 4 CVE security advisories affecting Sirv CDN and Image Hosting. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sirv CDN and Image Hosting provides a cloud-based platform for image optimization, delivery, and management across websites and applications. Historically, vulnerabilities have included stored cross-site scripting (XSS) in image metadata, remote code execution (RCE) via improper input validation, and privilege escalation through misconfigured access controls. The platform has addressed multiple security flaws, with four CVEs recorded to date, primarily affecting its image processing and API endpoints. While no major public incidents have been widely reported, the consistent discovery of XSS and RCE vulnerabilities highlights ongoing risks in client-side validation and server-side security controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-46233 | WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability — Sirv, CWE-79 | 6.5 | Medium | 2025-04-22 |
| CVE-2024-32959 | WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability — Sirv, CWE-266 | 8.8 | High | 2024-05-17 |
| CVE-2024-27950 | WordPress Sirv plugin <= 7.2.0 - Broken Access Control vulnerability — Sirv, CWE-862 | 5.4 | Medium | 2024-03-01 |
| CVE-2024-27949 | WordPress Sirv plugin <= 7.2.0 - Server Side Request Forgery (SSRF) vulnerability — Sirv, CWE-918 | 5.4 | Medium | 2024-03-01 |
This page lists every published CVE security advisory associated with Sirv CDN and Image Hosting. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.