29 matches found
EUVD-2022-34710
Malicious code in bioql PyPI...
EUVD-2022-34709
Malicious code in bioql PyPI...
CVE-2022-2450
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them...
CVE-2022-2449
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site...
WordPress reSmush.it Image Optimizer License Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
CVE-2022-2450
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them...
CVE-2022-2449
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site...
CVE-2022-2450
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them...
CVE-2022-2449
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site...
Cross-site request forgery (CSRF)
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site...
WordPress Plugin reSmush.it Image Optimizer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them...
CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site...
CVE-2022-2449
CVE-2022-2449 concerns the WordPress plugin reSmush.it Image Optimizer (pre-0.4.4). All AJAX actions lack CSRF checks, enabling an attacker to trick a logged-in user into performing actions on the site. Public records describe CSRF as the underlying issue and cite vulnerable versions prior to 0.4...
PT-2022-16710 · Unknown · Resmush.It
Name of the Vulnerable Software and Affected Versions: reSmush.it versions prior to 0.4.4 Description: The issue concerns a lack of CSRF checks for AJAX actions, allowing attackers to trick logged-in users into performing various actions on their behalf on the site. Recommendations: For versions...
WordPress Plugin reSmush.it Image Optimizer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them...
PT-2022-16711 · WordPress · Resmush.It
Name of the Vulnerable Software and Affected Versions: reSmush.it plugin versions prior to 0.4.4 Description: The issue concerns a lack of authorization in various AJAX actions within the reSmush.it plugin, allowing any logged-in users, such as subscribers, to call these actions. Recommendations:...
CVE-2022-2450
The CVE concerns the WordPress plugin reSmush.it Image Optimizer (versions prior to 0.4.4). The vulnerability arises from lack of authorization in various AJAX actions, allowing any logged-in user (e.g., subscribers) to call these actions. Documented endpoints include actions such as resmushit_bu...
reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers, to call them. PoC Examples of actions where low-privileged users can directly ask - https://example.com/wp-admin/admin-ajax.php?action=resmushitbulkgetimages -...