2 matches found
CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...
WordPress Smush Image Compression and Optimization Plugin <= 3.16.4 is vulnerable to Broken Access Control
Software Smush Image Compression and Optimization Type Plugin Vulnerable versions = 3.16.4 Fixed in 3.16.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3352 Patch priority Low CVSS severity Low 5.4 Developer WPMU DEV PSID d6c54863dce8 Credits Truoc Phan...