← volver
CVE-2022-2450

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

CVSS 4.3 MEDIUMEPSS 0.5%CWE-862
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
Unknown · reSmush.it : the only free Image Optimizer & compress plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b