3 matches found
CVE-2022-2091
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...
CVE-2022-2091 Cache Images < 3.2.1 - Image Upload / Import via CSRF
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...
CVE-2022-2091
CVE-2022-2091 affects the WordPress Cache Images plugin prior to version 3.2.1. The root cause is missing nonce checks, enabling CSRF to cause any logged-in user to upload images. Public PoCs demonstrate the CSRF workflow. Remediation: update to version 3.2.1 or later (apply the vendor patch).