CVE-2022-4101
Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
Unknown · Images Optimize and Upload CF7public PoCs found — 1
cve_referencewpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eebunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →