Author: Raad Haddad of Cloudyrion GmbH
WPEX-ID: 1B3FF124-F973-4584-A7D7-26CC404BFE2B
Published: Oct 19, 2022

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

Tags: resmush.it, image optimizer, subscriber+, ajax calls, unauthorized actions, exploit

EPSS: 0.001 (Low), percentile 25.0%

The plugin lacks authorization checks on various AJAX actions, allowing any logged-in user, such as a subscriber, to call them.

Examples of AJAX actions that low-privileged users can call directly:

- https://example.com/wp-admin/admin-ajax.php?action=resmushit_bulk_get_images
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_restore_backup_files
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_remove_backup_files
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_update_statistics
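As an added illustration (not code from the reSmush.it plugin), the bug class behind this advisory is a `wp_ajax_*` handler with no authorization gate; the hardened form below adds a nonce check and a capability check in front of each of the four actions listed above. The action names are from the advisory; the nonce name, the `manage_options` capability and the handler bodies are assumptions.

```php
<?php
// Added illustration of the bug class in this advisory, not code from the
// reSmush.it plugin. The four action names come from the advisory; the
// handler bodies, nonce name and capability are assumptions.

// Vulnerable pattern: a wp_ajax_* hook fires for every logged-in user
// regardless of role, so without an explicit check a Subscriber can call it.
function vulnerable_remove_backup_files() {
    // no nonce check, no capability check
    // ...delete backup files...
    wp_send_json_success();
}
// add_action( 'wp_ajax_resmushit_remove_backup_files', 'vulnerable_remove_backup_files' );
// (registration left commented out so only the hardened handlers below are live)

// Hardened pattern: one authorization gate shared by every privileged action.
function resmushit_authorize_ajax() {
    // Nonce bound to the plugin's admin page: defeats CSRF from another site.
    check_ajax_referer( 'resmushit_admin_nonce', 'nonce' ); // sends 403 and exits on failure
    // Capability check: defeats direct calls by low-privilege accounts.
    // 'manage_options' (administrators) is assumed; use the narrowest capability that fits.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
    }
}

$resmushit_privileged_actions = array(
    'resmushit_bulk_get_images',
    'resmushit_restore_backup_files',
    'resmushit_remove_backup_files',
    'resmushit_update_statistics',
);
foreach ( $resmushit_privileged_actions as $action ) {
    // Register for authenticated users only (no wp_ajax_nopriv_ variant).
    add_action( "wp_ajax_{$action}", function () use ( $action ) {
        resmushit_authorize_ajax();
        // ...perform $action here; only reached after both checks pass...
        wp_send_json_success( array( 'action' => $action ) );
    } );
}

// The nonce must be handed to the admin page's script so legitimate requests carry it:
// wp_localize_script( 'resmushit-admin', 'resmushitAjax',
//     array( 'nonce' => wp_create_nonce( 'resmushit_admin_nonce' ) ) );
```

A request from a Subscriber account now fails at `current_user_can()` even with a valid nonce, and a cross-site request from an administrator fails at `check_ajax_referer()`.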

