4 matches found
CVE-2022-2450
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them...
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them...
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them...
CVE-2022-2450
The CVE concerns the WordPress plugin reSmush.it Image Optimizer (versions prior to 0.4.4). The vulnerability arises from lack of authorization in various AJAX actions, allowing any logged-in user (e.g., subscribers) to call these actions. Documented endpoints include actions such as resmushit_bu...