CVE-2022-2450

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

CVSS 4.3 MEDIUMEPSS 0.5%CWE-862

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

Unknown · reSmush.it : the only free Image Optimizer & compress plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b