CVE-2022-4101

🗓️ 16 Jan 2023 15:37:49Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

The Images Optimize and Upload CF7 WordPress plugin v2.1.4 allows unauthenticated users to delete arbitrary files via path traversal

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-4101	4 Apr 202518:36	–	circl
CNNVD	WordPress plugin Images Optimize and Upload CF7 路径遍历漏洞	16 Jan 202300:00	–	cnnvd
Cvelist	CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion	16 Jan 202315:37	–	cvelist
NVD	CVE-2022-4101	16 Jan 202316:15	–	nvd
OSV	CVE-2022-4101	16 Jan 202316:15	–	osv
Prion	Path traversal	16 Jan 202316:15	–	prion
Positive Technologies	PT-2023-13934 · WordPress · Images Optimize/Upload Cf7	16 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-4101	23 May 202500:31	–	redhatcve
Vulnrichment	CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion	16 Jan 202315:37	–	vulnrichment
wpexploit	Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion	21 Dec 202200:00	–	wpexploit

NVD

Vulners

Node

images_optimize_and_upload_cf7_project images_optimize_and_upload_cf7Range≤2.1.4wordpress

[
  {
    "vendor": "Unknown",
    "product": "Images Optimize and Upload CF7",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "2.1.4"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb

Parameter	Position	Path	Description	CWE
file	request body	wp-admin/admin-ajax.php	Path traversal through AJAX action yr_api_delete allows deleting arbitrary files via a crafted file path.	CWE-22

04 Apr 2025 19:15Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.1

EPSS0.40818

SSVC