CVE-2023-30494
📋 TL;DR
Unauthenticated reflected cross-site scripting (XSS) vulnerability in the ImageRecycle PDF & Image Compression WordPress plugin allows attackers to inject malicious scripts via crafted URLs. This affects WordPress sites running plugin versions 3.1.10 and earlier. Attackers can execute arbitrary JavaScript in victims' browsers when they click malicious links.
💻 Affected Systems
- ImageRecycle PDF & Image Compression WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, perform account takeover, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.
Likely Case
Attackers typically use this to steal session cookies or credentials, perform phishing attacks, or deface websites by injecting malicious content.
If Mitigated
With proper web application firewalls and input validation, impact is limited to failed exploitation attempts with no data loss.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.11 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'ImageRecycle pdf & image compression'. 4. Click 'Update Now' if available. 5. Alternatively, download version 3.1.11+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
allDeploy a WAF with XSS protection rules to block malicious payloads.
Disable Plugin
linuxTemporarily disable the ImageRecycle plugin until patched.
wp plugin deactivate imagerecycle-pdf-image-compression
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use input validation and output encoding on all user inputs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for ImageRecycle plugin version.Check Version:
wp plugin get imagerecycle-pdf-image-compression --field=versionVerify Fix Applied:
Verify plugin version is 3.1.11 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual GET requests with script tags or JavaScript payloads in query parameters
- Multiple failed XSS attempts in web server logs
Network Indicators:
- HTTP requests containing <script> tags or JavaScript in URL parameters
- Suspicious referrer headers with encoded payloads
SIEM Query:
source="*access.log*" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=")🔗 References
- https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve
