The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-11-14 15:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-2449
Mitre link : CVE-2022-2449
CVE.ORG link : CVE-2022-2449
JSON object : View
Products Affected
resmush.it
- resmush.it_image_optimizer
CWE
CWE-352
Cross-Site Request Forgery (CSRF)