Lucene search

[email protected]NVD:CVE-2022-2450

HistoryNov 14, 2022 - 3:15 p.m.

CVE-2022-2450

2022-11-1415:15:19

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

resmush.it

image optimizer

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

Affected configurations

NVD

Node

resmush.itresmush.it_image_optimizerRange<0.4.4wordpress

References

wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for NVD:CVE-2022-2450

cve1 cvelist1 wpvulndb1 wpexploit1 prion1